diff options
Diffstat (limited to 'system')
177 files changed, 13952 insertions, 448 deletions
diff --git a/system/abuild/0001-abuild-add-env-option-to-require-tests.patch b/system/abuild/0001-abuild-add-env-option-to-require-tests.patch new file mode 100644 index 000000000..49497421b --- /dev/null +++ b/system/abuild/0001-abuild-add-env-option-to-require-tests.patch @@ -0,0 +1,33 @@ +From d85a92478fc8a95bdcb4bf84c30c20ca935abc08 Mon Sep 17 00:00:00 2001 +From: Carlo Landmeter <clandmeter@gmail.com> +Date: Tue, 24 Oct 2017 14:48:52 +0200 +Subject: [PATCH] abuild: add env option to require tests + +This adds an env option REQUIRE_CHECK to require testsuites to +be run. This does not clutter getopts so it can be safely removed +afterwards when we enforce tests globally. This will allow our CI +infrastructure to enforce testsuites where possible. +--- + abuild.in | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/abuild.in b/abuild.in +index 41b465d..7e3c818 100644 +--- a/abuild.in ++++ b/abuild.in +@@ -226,6 +226,12 @@ default_sanitycheck() { + check_secfixes_comment || return 1 + + makedepends_has 'g++' && ! options_has toolchain && warning "g++ should not be in makedepends" ++ ++ if ! options_has "!check" && [ -n "$REQUIRE_CHECK" ]; then ++ (unset check; . "$APKBUILD"; type check >/dev/null 2>&1) || \ ++ die "Testsuites (abuild check) are required or needs to be explicitly disabled!" ++ fi ++ + return 0 + } + +-- +2.14.2 + diff --git a/system/abuild/APKBUILD b/system/abuild/APKBUILD new file mode 100644 index 000000000..8dd1c12b6 --- /dev/null +++ b/system/abuild/APKBUILD @@ -0,0 +1,78 @@ +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=abuild +pkgver=3.1.0 +_ver=${pkgver%_git*} +pkgrel=2 +pkgdesc="Script to build Alpine Packages" +url="http://git.alpinelinux.org/cgit/abuild/" +arch="all" +license="GPL-2.0" +depends="fakeroot sudo pax-utils openssl apk-tools>=2.0.7-r1 libc-utils + attr libarchive-tools pkgconf patch lzip" +if [ "$CBUILD" = "$CHOST" ]; then + depends="$depends curl" +fi +makedepends_build="pkgconfig" +makedepends_host="openssl-dev zlib-dev" +makedepends="$makedepends_host $makedepends_build" +install="$pkgname.pre-install $pkgname.pre-upgrade" +subpackages="apkbuild-cpan:cpan:noarch apkbuild-gem-resolver:gems:noarch + abuild-rootbld:_rootbld:noarch" +options="suid !check" +pkggroups="abuild" +source="http://dev.alpinelinux.org/archive/abuild/abuild-$_ver.tar.xz + posix-abuild.patch + newapkbuild-cmake.patch + adelie-customisations.patch + 0001-abuild-add-env-option-to-require-tests.patch + " +builddir="$srcdir/$pkgname-$_ver" + +prepare() { + default_prepare + + cd "$builddir" + sed -i -e "/^CHOST=/s/=.*/=$CHOST/" abuild.conf +} + +build() { + cd "$builddir" + make VERSION="$pkgver-r$pkgrel" +} + +package() { + cd "$builddir" + + make install VERSION="$pkgver-r$pkgrel" DESTDIR="$pkgdir" + + install -m 644 abuild.conf "$pkgdir"/etc/abuild.conf + install -d -m 775 -g abuild "$pkgdir"/var/cache/distfiles +} + +cpan() { + pkgdesc="Script to generate perl APKBUILD from CPAN" + depends="perl perl-libwww perl-json perl-module-build-tiny" + + mkdir -p "$subpkgdir"/usr/bin + mv "$pkgdir"/usr/bin/apkbuild-cpan "$subpkgdir"/usr/bin/ +} + +gems() { + pkgdesc="APKBUILD dependency resolver for RubyGems" + depends="ruby ruby-augeas" + + mkdir -p "$subpkgdir"/usr/bin + mv "$pkgdir"/usr/bin/apkbuild-gem-resolver "$subpkgdir"/usr/bin/ +} + +_rootbld() { + pkgdesc="Build packages in chroot" + depends="abuild bubblewrap gettext git" + mkdir -p "$subpkgdir" +} + +sha512sums="bb9093d67942e3a63e4e053692c0bca30940cae05955518206cd9f7029211a188b7f442456ae126e61cbdca224eddb31e967d5cf0637e16893163cc963871a52 abuild-3.1.0.tar.xz +86194084e95cdb42d4b1bc3d4ff2b8144125aa4e7f74f8c97023c55f2304d27d8c377baf5075666c9b43323506357b962d83d4a30a3f41cde7b53542889adf2d posix-abuild.patch +705c393b37c37a364473590190122a43a2962946290a873e6685cd4eb43c4874bfdf7489e7b655f870b332dee38edca5dcf2d3906461001875a55b9e6549b824 newapkbuild-cmake.patch +e27f29b94fe55fe59ab9dc28986cd1755a41221ad6b4457c7c0b268e561f7c6946ea6fcb8b7ace897acfde2e4660ec7150ef43fb0c71c6c20dfd38aa1d062140 adelie-customisations.patch +e02cc44c8ad9dd61c9b80684b8cf5b64477a6fd6221cde9efea2a7594c6e7ce01a51f8bd4b80d72f82f7caf93217979fb0b354c420983891fa93f34c4252a035 0001-abuild-add-env-option-to-require-tests.patch" diff --git a/system/abuild/abuild.pre-install b/system/abuild/abuild.pre-install new file mode 100644 index 000000000..fd3d39a36 --- /dev/null +++ b/system/abuild/abuild.pre-install @@ -0,0 +1,5 @@ +#!/bin/sh + +addgroup -S abuild 2>/dev/null + +exit 0 diff --git a/system/abuild/abuild.pre-upgrade b/system/abuild/abuild.pre-upgrade new file mode 120000 index 000000000..99e4a2144 --- /dev/null +++ b/system/abuild/abuild.pre-upgrade @@ -0,0 +1 @@ +abuild.pre-install
\ No newline at end of file diff --git a/system/abuild/adelie-customisations.patch b/system/abuild/adelie-customisations.patch new file mode 100644 index 000000000..db7280abc --- /dev/null +++ b/system/abuild/adelie-customisations.patch @@ -0,0 +1,48 @@ +diff --git a/functions.sh.in b/functions.sh.in +index 4f2c023..a4de25c 100644 +--- a/functions.sh.in ++++ b/functions.sh.in +@@ -5,16 +5,20 @@ program=${0##*/} + + arch_to_hostspec() { + case "$1" in +- aarch64) echo "aarch64-alpine-linux-musl" ;; +- armel) echo "armv5-alpine-linux-musleabi" ;; +- armhf) echo "armv6-alpine-linux-muslgnueabihf" ;; +- armv7) echo "armv7-alpine-linux-musleabihf" ;; +- ppc) echo "powerpc-alpine-linux-musl" ;; +- ppc64) echo "powerpc64-alpine-linux-musl" ;; +- ppc64le) echo "powerpc64le-alpine-linux-musl" ;; +- s390x) echo "s390x-alpine-linux-musl" ;; +- x86) echo "i586-alpine-linux-musl" ;; +- x86_64) echo "x86_64-alpine-linux-musl" ;; ++ aarch64) echo "aarch64-foxkit-linux-musl" ;; ++ armel) echo "armv5-foxkit-linux-musleabi" ;; ++ armhf) echo "armv6-foxkit-linux-muslgnueabihf" ;; ++ armv7) echo "armv7-foxkit-linux-musleabihf" ;; ++ i528) echo "pentium4-foxkit-linux-musl" ;; ++ mips) echo "mips-foxkit-linux-musl" ;; ++ mips32) echo "mips32el-foxkit-linux-musl" ;; ++ pmmx) echo "i586-foxkit-linux-musl" ;; ++ ppc) echo "powerpc-foxkit-linux-musl" ;; ++ ppc64) echo "powerpc64-foxkit-linux-musl" ;; ++ ppc64le) echo "powerpc64le-foxkit-linux-musl" ;; ++ s390x) echo "s390x-foxkit-linux-musl" ;; ++ x86) echo "i486-foxkit-linux-musl" ;; ++ x86_64) echo "x86_64-foxkit-linux-musl" ;; + *) echo "unknown" ;; + esac + } +@@ -25,7 +29,11 @@ hostspec_to_arch() { + arm*-*-*-*eabi) echo "armel" ;; + armv6*-*-*-*eabihf) echo "armhf" ;; + armv7*-*-*-*eabihf) echo "armv7" ;; +- i[0-9]86-*-*-*) echo "x86" ;; ++ i486-*-*-*) echo "x86" ;; ++ i586-*-*-*) echo "pmmx" ;; ++ mips32*-*-*-*) echo "mips32" ;; ++ mips*-*-*-*) echo "mips" ;; ++ pentium4-*-*-*) echo "i528" ;; + powerpc-*-*-*) echo "ppc" ;; + powerpc64-*-*-*) echo "ppc64" ;; + powerpc64le-*-*-*) echo "ppc64le" ;; diff --git a/system/abuild/newapkbuild-cmake.patch b/system/abuild/newapkbuild-cmake.patch new file mode 100644 index 000000000..e83ba753a --- /dev/null +++ b/system/abuild/newapkbuild-cmake.patch @@ -0,0 +1,35 @@ +From 4e0fb906bb3c77f307763a9565295e7d23a3b5e7 Mon Sep 17 00:00:00 2001 +From: "A. Wilcox" <AWilcox@Wilcox-Tech.com> +Date: Wed, 11 Oct 2017 17:47:23 -0500 +Subject: [PATCH] newapkbuild: add default check to CMake and RelWithDebugInfo + type + +--- + newapkbuild.in | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/newapkbuild.in b/newapkbuild.in +index c11aa39..d1cf2b9 100644 +--- a/newapkbuild.in ++++ b/newapkbuild.in +@@ -66,11 +66,16 @@ build_cmake() { + -DCMAKE_INSTALL_PREFIX=/usr \\ + -DCMAKE_INSTALL_LIBDIR=lib \\ + -DBUILD_SHARED_LIBS=True \\ +- -DCMAKE_BUILD_TYPE=Release \\ ++ -DCMAKE_BUILD_TYPE=RelWithDebugInfo \\ + -DCMAKE_CXX_FLAGS="\$CXXFLAGS" \\ + -DCMAKE_C_FLAGS="\$CFLAGS" \\ + \${CMAKE_CROSSOPTS} + make ++} ++ ++check() { ++ cd "\$builddir" ++ CTEST_OUTPUT_ON_FAILURE=TRUE ctest + __EOF__ + } + +-- +2.14.1 + diff --git a/system/abuild/posix-abuild.patch b/system/abuild/posix-abuild.patch new file mode 100644 index 000000000..ae95bec72 --- /dev/null +++ b/system/abuild/posix-abuild.patch @@ -0,0 +1,68 @@ +--- src/abuild.in 2017-09-19 07:02:57.000000000 -0500 ++++ src/abuild.in 2017-09-23 22:34:32.534221312 -0500 +@@ -1,4 +1,4 @@ +-#!/bin/ash -e ++#!/bin/sh -e + + # abuild - build apk packages (light version of makepkg) + # Copyright (c) 2008-2015 Natanael Copa <ncopa@alpinelinux.org> +@@ -425,11 +425,11 @@ + tar -C "$srcdir" --lzip -xf "$s" || return 1;; + *.tar.lzma) + msg "Unpacking $s..." +- unlzma -c "$s" | tar -C "$srcdir" -x \ ++ unlzma -c "$s" | tar -C "$srcdir" -f - -x \ + || return 1;; + *.tar.xz) + msg "Unpacking $s..." +- unxz -c "$s" | tar -C "$srcdir" -x || return 1;; ++ unxz -c "$s" | tar -C "$srcdir" -f - -x || return 1;; + *.zip) + msg "Unpacking $s..." + unzip -n -q "$s" -d "$srcdir" || return 1;; +@@ -476,7 +476,7 @@ + subpkgarch=${_splitarch#*:} + if [ "$subpkgarch" = "$_splitarch" -o -z "$subpkgarch" ]; then + case "$subpkgname" in +- *-doc | *-lang | *-lang-*) subpkgarch="noarch" ;; ++ *-doc | *-lang | *-lang-* | *-openrc) subpkgarch="noarch" ;; + *) subpkgarch="$pkgarch" ;; + esac + fi +@@ -1395,7 +1395,7 @@ + touch .dummy + set -- .dummy + fi +- tar --xattrs -f - -c "$@" | abuild-tar --hash | gzip -9 >"$dir"/data.tar.gz ++ tar --format pax --xattrs -f - -c "$@" | abuild-tar --hash | gzip -9 >"$dir"/data.tar.gz + + msg "Create checksum..." + # append the hash for data.tar.gz +@@ -1404,7 +1404,7 @@ + + # control.tar.gz + cd "$dir" +- tar -f - -c $(cat "$dir"/.metafiles) | abuild-tar --cut \ ++ tar --format pax -f - -c $(cat "$dir"/.metafiles) | abuild-tar --cut \ + | gzip -9 > control.tar.gz + abuild-sign -q control.tar.gz || exit 1 + +@@ -1483,9 +1483,7 @@ + + # predefined function check + default_check() { +- warning "APKBUILD does not run any tests!" +- msg2 "Alpine policy will soon require that packages have any relevant testsuites run during the build process." +- msg2 "To fix, either define a check() function, or declare !check in \$options to indicate the package does not have a testsuite." ++ die "APKBUILD does not run any tests!" + } + + check() { +@@ -2337,6 +2335,7 @@ + } + + usage() { ++ echo "$program $program_version" + cat <<-EOF + usage: $program [options] [-P REPODEST] [-s SRCDEST] [-D DESCRIPTION] [cmd] ... + $program [-c] -n PKGNAME[-PKGVER] diff --git a/system/adelie-base/APKBUILD b/system/adelie-base/APKBUILD index 7598e83a4..cbd38f552 100644 --- a/system/adelie-base/APKBUILD +++ b/system/adelie-base/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=adelie-base pkgver=0.4.0 -pkgrel=0 +pkgrel=2 pkgdesc="The Adélie Linux Base System" url="http://adelielinux.org/" arch="noarch" @@ -43,6 +43,7 @@ package() { make install DESTDIR="$pkgdir" install -m644 "$srcdir"/group "$pkgdir"/etc/group install -m644 "$srcdir"/passwd "$pkgdir"/etc/passwd + install -m640 -g shadow "$builddir"/tree/etc/shadow "$pkgdir"/etc/shadow # stupid inflatable stupid busybox for i in adduser addgroup; do @@ -83,4 +84,4 @@ sha512sums="557cc53610c3fed8d570f0c0048370eb633f87b72df52fac73b3f3b4327cf7619141 e6775b9e1c6421338aaceee375b3b74aa100fd444e369b280ce45c9167119b76bebc11737d7f929e50e20a553a35e0e25f7d0f71deb0483d3bccc08e319dcf98 group 9eede0c1cd56a9ffb5227cc9446cdb1bbe73d5f17cd5ee99cf29acca3160f3a96d79e1420311a140f9d9f32950b9823b33ad84dadf7b85921d4f1a945dd5a252 passwd a5035c18efc50be5d0c8dd452619d781da09c9441ed53462c99693170d1ae2b4306a81846e42b616c5ef8cd5b6fbbf047f93ae5ee9613126581cf701b3a6ade7 addgroup -9e53246d7674279b64962eb45060f07a752f86e9b3cee49b4b05be4dd13113b03c18e62381c92546fae9b05b3dc6100f29cea48c716b3219d973444f71e1fd5a adduser" +f50be377c781b1eefb1804ac9d96b4ebc64f80abe0d12b288413687a000e79ca30c531bbced2c63f9e4df59b1d8a71d0eda09ee82782eaafea453f2f1c2f7b8f adduser" diff --git a/system/adelie-base/adduser b/system/adelie-base/adduser index ba9d90a61..5c458045d 100755 --- a/system/adelie-base/adduser +++ b/system/adelie-base/adduser @@ -68,7 +68,7 @@ if [ -n "$MYGROUPS" ]; then fi if [ -n "$HOMEDIR" ]; then - CMDLINE="$CMDLINE -m -d \"$HOMEDIR\" -k \"$SKEL\"" + CMDLINE="$CMDLINE -m -d $HOMEDIR -k $SKEL" fi if [ $SYSTEM -ne 0 ]; then diff --git a/system/bash/APKBUILD b/system/bash/APKBUILD new file mode 100644 index 000000000..c5a476b1a --- /dev/null +++ b/system/bash/APKBUILD @@ -0,0 +1,116 @@ +# Contributor: Łukasz Jendrysik <scadu@yandex.com> +# Contributor: TBK <alpine@jjtc.eu> +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=bash +pkgver=4.4.12 +_patchlevel=${pkgver##*.} +_myver=${pkgver%.*} +_patchbase=${_myver/./} +pkgrel=2 +pkgdesc="The GNU Bourne Again shell" +url="http://www.gnu.org/software/bash/bash.html" +arch="all" +license="GPL3+" +makedepends_build="bison flex" +makedepends_host="readline-dev ncurses-dev" +depends="" +options="!checkroot" +install="$pkgname.post-upgrade $pkgname.pre-deinstall" +subpackages="$pkgname-doc $pkgname-binsh:binsh:noarch" +source="http://ftp.gnu.org/gnu/bash/bash-${_myver}.tar.gz + bash-noinfo.patch + bash44-sensible-defaults.patch + bashrc + " +# generate url's to patches. note: no forks allowed! +_i=1 +_pad="00" +while [ $_i -le $_patchlevel ]; do + [ $_i -ge 10 ] && _pad="0" + [ $_i -ge 100 ] && _pad= + source="$source http://ftp.gnu.org/gnu/bash/bash-$_myver-patches/bash$_patchbase-$_pad$_i" + _i=$(( $_i + 1)) +done + +# secfixes: +# 4.4.12-r1: +# - CVE-2016-0634 + +builddir="$srcdir"/$pkgname-$_myver + +prepare() { + cd "$builddir" + + # NOTE: This section is for applying the vendor patches, which are required to fix + # security holes. `default_prepare` does *not* apply vendor patches in the format + # shipped with bash. We also need to make sure vendor patches are applied before + # our own. + # If you disagree, please request an experimental rebuild with bash as /bin/sh, + # before removing this section. + for p in $source; do + case $p in + */bash[0-9][0-9]-[0-9]*) + msg "$p (vendor)" + patch -p0 -i "$srcdir"/${p##*/} || return 1 + ;; + esac + done + + default_prepare + update_config_sub +} + +build() { + cd "$builddir" + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --bindir=/bin \ + --mandir=/usr/share/man \ + --infodir=/usr/share/info \ + --with-curses \ + --disable-nls \ + --enable-readline \ + --without-bash-malloc \ + --with-installed-readline + # parallel build workarounds + make y.tab.c && make builtins/libbuiltins.a && make +} + +check() { + cd "$builddir" + make check +} + +package() { + cd ${startdir}/src/${pkgname}-${_myver} + make DESTDIR=${pkgdir} install + + rm -rf "$pkgdir"/usr/share/locale + install -D -m755 "$srcdir"/bashrc "$pkgdir"/etc/bash/bashrc +} + +binsh() { + pkgdesc="Use bash as /bin/sh" + provides="/bin/sh" + mkdir -p "$subpkgdir"/bin + ln -s /bin/bash "$subpkgdir"/bin/sh +} + +sha512sums="73de3b425faaac55e45456b0f6f6d8077b5dfa7bb76e0d1894a19361b4a2b6bd4fbbe182117ddbfe9b07b4d898fba03537c261badc9533dd3c0da891764c7f29 bash-4.4.tar.gz +9d8845491d0fe335bdd8e9a2bd98bda54bfed2ae3c35b2196c6d5a38bdf96c4d97572ba7d6b19ab605ef4e8f001f64cf3312f87dedebb9e37a95ad2c44e33cdb bash-noinfo.patch +388433e9ab25948747adfa7c2b98021799d5d396e8771d09b5b079054380af3f299f78abef144fe93908f6eff252658137c95ebba9418fe385f0cecbb5795f24 bash44-sensible-defaults.patch +2b6e2e34328f091cbe0882833eab99c6fddbe19a5942382c4c1fbe5b1d20158cfcfcaaaea1f941b9a481be0507b7ea55e6048f79246657019713f0b201318e45 bashrc +fa7a1b277eb3bad6ae7d2c7a2887cbf2c0eb75b7fee8ed03ec1e9d45879a2fb4b8c7cb16d6b029987493b01a461214bd9a24454a6837e7cfe180b1bc56f61caa bash44-001 +526f986057810f89080e283ff95b3a8fd24d37e4ad2f18c39f36d3a2d57956a6441d16220082157735e3c5ccf770d5016e761aa5f309129898e39277d576e6b5 bash44-002 +e61db89bdd1a7ae15013fe258046a343c9ea41e5a1c6d2c810947500a617fce7536b8d51194e14bb42499fe0de6d70cc9b2c81da0afdcb5a2278459f4f76d748 bash44-003 +7570cf15518f79230cfe91b3e58c795c16c7fb6ba6418d967355b36fb7982e7919a9eaaef9177fb605c7fb7d7efb8a8335e725c1bacffff69a098433f5adc9c7 bash44-004 +7546a6c90c8e8508567dde713722291477ca87c1116905b46432514a4fc632840a855b84f102591914cd4c44d5bf2eb7400866e26366fc94525fb401ea844a8f bash44-005 +5edcd76cf97bfe289f71924ba279ff48a1167eb3cc36f811cbcc23732746f5c821d1d39d4b137b7d99d57809a4b7270a54f4a41176fcfde0708bf92ddc68b77f bash44-006 +386c019debee414697abc648d9a77894e842bb0b7a2a71709e8b3398582f25065e68963405fa22fb77439c6b431ee94a2ecbb16734c2436af3dfb4d1b5f06fcf bash44-007 +d9a8924f1c9263deab89153bb688a87f211913ebd72c8077e607db6fdddc7e5af05042dd22a9a2df593e518ea74b54ca79d20afc796e47d871827a2556e233d0 bash44-008 +3b01c080cf4a54658679b36c282a69a9ac48b900b19ceb42dbaf084abd395d50e5ff14db90a7fdf0c9856dad150897dca561160686c931634765782447fc076e bash44-009 +54ff556b62fd88381e7a495db50957b016474973b3a566661c65b649a40960f2d3355221b3a71fb292128aad92a45d73d9816d63833bc416b4d15acdef391b98 bash44-010 +6b5b068b74978fc691749ccff5e094c768047f702430e97114f5bf342f078696f7d7616d0642d4061b062e9112dfe00a1c2309c65de4147e0e98fb52c593d844 bash44-011 +4661c4c132f2ea7c9a70368301041c482d5820d8389334a7e3ae44c36fc16c171b20db2f194b7663c84d6c3dcef81aa90f050a48e205218fc7bd3395d09c6a51 bash44-012" diff --git a/system/bash/bash-noinfo.patch b/system/bash/bash-noinfo.patch new file mode 100644 index 000000000..bf4f0956a --- /dev/null +++ b/system/bash/bash-noinfo.patch @@ -0,0 +1,11 @@ +--- a/doc/Makefile.in ++++ b/doc/Makefile.in +@@ -247,7 +247,7 @@ + $(SHELL) $(SUPPORT_SRCDIR)/mkinstalldirs $(DESTDIR)$(htmldir) ; \ + fi + +-install: info installdirs ++install: installdirs + -$(INSTALL_DATA) $(srcdir)/bash.1 $(DESTDIR)$(man1dir)/bash${man1ext} + -$(INSTALL_DATA) $(srcdir)/bashbug.1 $(DESTDIR)$(man1dir)/bashbug${man1ext} + -$(INSTALL_DATA) $(OTHER_DOCS) $(DESTDIR)$(docdir) diff --git a/system/bash/bash.post-upgrade b/system/bash/bash.post-upgrade new file mode 100644 index 000000000..92ea8d928 --- /dev/null +++ b/system/bash/bash.post-upgrade @@ -0,0 +1,3 @@ +#!/bin/sh +add-shell '/bin/bash' +exit 0 diff --git a/system/bash/bash.pre-deinstall b/system/bash/bash.pre-deinstall new file mode 100644 index 000000000..d110afedd --- /dev/null +++ b/system/bash/bash.pre-deinstall @@ -0,0 +1,3 @@ +#!/bin/sh +remove-shell '/bin/bash' +exit 0 diff --git a/system/bash/bash44-sensible-defaults.patch b/system/bash/bash44-sensible-defaults.patch new file mode 100644 index 000000000..4d11afd2d --- /dev/null +++ b/system/bash/bash44-sensible-defaults.patch @@ -0,0 +1,25 @@ +diff -Naur bash-4.4/config-top.h bash-4.4-adelieconf/config-top.h +--- bash-4.4/config-top.h 2016-05-19 18:34:02.000000000 +0000 ++++ bash-4.4-adelieconf/config-top.h 2018-02-06 01:07:33.736749439 +0000 +@@ -87,10 +87,10 @@ + #define DEFAULT_BASHRC "~/.bashrc" + + /* System-wide .bashrc file for interactive shells. */ +-/* #define SYS_BASHRC "/etc/bash.bashrc" */ ++#define SYS_BASHRC "/etc/bash/bashrc" + + /* System-wide .bash_logout for login shells. */ +-/* #define SYS_BASH_LOGOUT "/etc/bash.bash_logout" */ ++#define SYS_BASH_LOGOUT "/etc/bash/bash_logout" + + /* Define this to make non-interactive shells begun with argv[0][0] == '-' + run the startup files when not in posix mode. */ +@@ -100,7 +100,7 @@ + sshd and source the .bashrc if so (like the rshd behavior). This checks + for the presence of SSH_CLIENT or SSH2_CLIENT in the initial environment, + which can be fooled under certain not-uncommon circumstances. */ +-/* #define SSH_SOURCE_BASHRC */ ++#define SSH_SOURCE_BASHRC + + /* Define if you want the case-capitalizing operators (~[~]) and the + `capcase' variable attribute (declare -c). */ diff --git a/system/bash/bashrc b/system/bash/bashrc new file mode 100644 index 000000000..c4ae18bb9 --- /dev/null +++ b/system/bash/bashrc @@ -0,0 +1,71 @@ +# Welcome to Adélie Linux +# /etc/bash/bashrc - run by bash on every startup + +# Prior to 1.0a3, we did a lot of heavy lifting here. +# Massive cleanup for 1.0a3 makes things faster and more efficient. + +# No interactivity = no point +if [[ $- != *i* ]]; then + return +fi + +# Extra stat(3) call to invalidate hash cache. Better UX, but lots of waste. +# shopt -s checkhash + +# Handle window resizing after a curses program quits +shopt -s checkwinsize + +# Append instead of overwriting histfile. +shopt -s histappend + +# Allow users to correct typos in history substs. +shopt -s histreedit + +# Save commands as they were typed. +shopt -s lithist + +# Don't show every command available if a user types \t on a bare line +shopt -s no_empty_cmd_completion + +# Expand things like \n \r \t when using built-in echo(1). +shopt -s xpg_echo + + +do_colour() { + local colourise=false + LS_COLORS= + eval "$(dircolors -b)" + if [[ -n ${LS_COLORS:+set} ]]; then + colourise=true + else + unset LS_COLORS + fi + + if ${colourise} ; then + if [[ ${EUID} == 0 ]] ; then + PS1='\[\e[01m\]\h\[\e[22m\] \[\e[01;36m\]\w\[\e[00m\] \[\e[01;31m\]\$\[\e[00m\] ' + else + PS1='\u on \[\e[01m\]\h\[\e[22m\] \w \[\e[01;32m\$\[\e[00m\] ' + fi + + alias ls='ls --color=auto' + alias grep='grep --colour=auto' + alias egrep='egrep --colour=auto' + alias fgrep='fgrep --colour=auto' + else + if [[ ${EUID} == 0 ]] ; then + # show root@ when we don't have colors + PS1='! \u on \h \w \$ ' + else + PS1='\u on \h \w \$ ' + fi + fi +} + +do_colour + +for sh in /etc/bash/bashrc.d/* ; do + [[ -r ${sh} ]] && source "${sh}" +done + +unset do_colour diff --git a/system/binutils/APKBUILD b/system/binutils/APKBUILD new file mode 100644 index 000000000..5fa5c7d6e --- /dev/null +++ b/system/binutils/APKBUILD @@ -0,0 +1,140 @@ +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=binutils +pkgver=2.30 +pkgrel=0 +pkgdesc="Tools necessary to build programs" +url="http://www.gnu.org/software/binutils/" +depends="" +makedepends_build="bison flex texinfo" +makedepends_host="zlib-dev" +makedepends="$makedepends_build $makedepends_host" +checkdepends="dejagnu" +arch="all" +license="GPL2 GPL3+ LGPL2 BSD" +subpackages="$pkgname-dev $pkgname-doc $pkgname-libs" +[ "${CARCH}" != "mips" ] && subpackages="$subpackages $pkgname-gold" +# non-PIC is unsupported by musl/ppc +[ "${CARCH}" == "ppc" ] && options='!check' +source="http://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.xz + binutils-ld-fix-static-linking.patch + disable-gnu-mbind.patch + disable-ifunc-tests.patch + disable-preinit-array-tests.patch + mips-illegal-memcpy.patch + remove-no-static-plt-test.patch + remove-pr2404-tests.patch + remove-pr19553c-test.patch + gold-mips.patch + " +builddir="$srcdir/$pkgname-$pkgver" + +if [ "$CHOST" != "$CTARGET" ]; then + pkgname="$pkgname-$CTARGET_ARCH" + subpackages="" + options="!check" + sonameprefix="$pkgname:" +fi + +# secfixes: +# 2.28-r1: +# - CVE-2017-7614 + +build() { + local _sysroot=/ + local _cross_configure="--enable-install-libiberty" + local _arch_configure="" + + if [ "$CHOST" != "$CTARGET" ]; then + _sysroot="$CBUILDROOT" + _cross_configure="--disable-install-libiberty" + fi + + if [ "$CTARGET_ARCH" = "x86_64" ]; then + _arch_configure="--enable-targets=x86_64-pep" + fi + + case "$CTARGET_ARCH" in + mips*) _hash_style_configure="--enable-default-hash-style=sysv" ;; + *) _hash_style_configure="--enable-default-hash-style=gnu" ;; + esac + + cd "$builddir" + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --target=$CTARGET \ + --with-build-sysroot="$CBUILDROOT" \ + --with-sysroot=$_sysroot \ + --prefix=/usr \ + --mandir=/usr/share/man \ + --infodir=/usr/share/info \ + --disable-multilib \ + --enable-shared \ + --enable-ld=default \ + --enable-64-bit-bfd \ + --enable-plugins \ + --enable-relro \ + --enable-gold \ + --enable-deterministic-archives \ + $_cross_configure \ + $_arch_configure \ + $_hash_style_configure \ + --disable-werror \ + --disable-nls \ + --with-system-zlib \ + || return 1 + make || return 1 +} + +package() { + cd "$builddir" + make install DESTDIR="$pkgdir" || return 1 + if [ -d "$pkgdir"/usr/lib64 ]; then + mv "$pkgdir"/usr/lib64/* "$pkgdir"/usr/lib/ + rmdir "$pkgdir"/usr/lib64 + fi + if [ "$CHOST" != "$CTARGET" ]; then + # creating cross tools: remove any files that would conflict + # with the native tools, or other cross tools + rm -r "$pkgdir"/usr/share + rm -f "$pkgdir"/usr/lib/libiberty.a + fi +} + +check() { + cd "$builddir" + # We can't run the gold test suite, because it cannot be used + # on a system with default PIE/PIC. + make -C binutils check + make -C gas check + make -C ld check +} + +libs() { + pkgdesc="Runtime libraries from binutils - libbfd and libopcodes" + + mkdir -p "$subpkgdir"/usr/lib + mv "$pkgdir"/usr/lib/lib*.so "$subpkgdir"/usr/lib/ || return 1 +} + +gold() { + pkgdesc="GNU binutils - gold linker" + + if [ -e "$pkgdir"/usr/bin/ld.gold ]; then + mkdir -p "$subpkgdir"/usr/bin + mv "$pkgdir"/usr/bin/ld.gold "$subpkgdir"/usr/bin + fi + mkdir -p "$subpkgdir"/usr/$CTARGET/bin + mv "$pkgdir"/usr/$CTARGET/bin/ld.gold "$subpkgdir"/usr/$CTARGET/bin/ld.gold +} + +sha512sums="e747ea20d8d79fcd21b9d9f6695059caa7189d60f19256da398e34b789fea9a133c32b192e9693b5828d27683739b0198431bf8b3e39fb3b04884cf89d9aa839 binutils-2.30.tar.xz +ecee33b0e435aa704af1c334e560f201638ff79e199aa11ed78a72f7c9b46f85fbb227af5748e735fd681d1965fcc42ac81b0c8824e540430ce0c706c81e8b49 binutils-ld-fix-static-linking.patch +d378fdf1964f8f2bd0b1e62827ac5884bdf943aa435ec89c29fc84bb045d406b733fffaff8fdd8bd1cba8ddea7701c4cf6ccf3ed76a8a3df9c72b447737575a6 disable-gnu-mbind.patch +ba2b5c8cdfa95db7a1f05da8a2c1ffc3bcb35300abf7061e52249d9b29037e3fdef1aed830686bca2df74b9f5d48684e9c8e2f49715455bf90dca6e3bfc077eb disable-ifunc-tests.patch +3537752e63cef0b5ef136d003ff7e814ba66b12624d817430112d0f291a792e8960fa69a78036f526af835441b3ee483d6a53d55c7b3dd8ee96f0399682dbcbe disable-preinit-array-tests.patch +06422157349abf02e79a5ef8bd9f51100e7e996aab65250d518e0cf0d7ac8ed922d3bf1603c4f5b4fd8fb179266b7b4c41db32dcb241d60a7f1c21d1df0c36dd mips-illegal-memcpy.patch +b40f9a3841a7af8fc12e8a4044cd672df5614bfda8461b0ca45efa57a42c3bc8490e491ea490c6c05d319a52d69993c4fca33a0aeb044090e7b7f4e4e30c6517 remove-no-static-plt-test.patch +32ab4215669c728648179c124632467573a3d4675e79f0f0d221c22eb2ec1ca5488b79910bd09142f90a1e0d0b81d99ca4846297f4f9561f158db63745facb66 remove-pr2404-tests.patch +39ef9c76dd5db6b15f11ffa8061f7ca844fb79c3fb9879c3b1466eef332a28b833597c87003ab9f260b1b85023fae264659088aee27cad7e5aa77b2d58b9a3f6 remove-pr19553c-test.patch +f55cf2e0bf82f97583a1abe10710e4013ecf7d64f1da2ef8659a44a06d0dd8beaf58dab98a183488ea137f03e32d62efc878d95f018f836f8cec870bc448556f gold-mips.patch" diff --git a/system/binutils/CVE-2017-7614.patch b/system/binutils/CVE-2017-7614.patch new file mode 100644 index 000000000..5f3b550f2 --- /dev/null +++ b/system/binutils/CVE-2017-7614.patch @@ -0,0 +1,84 @@ +From ad32986fdf9da1c8748e47b8b45100398223dba8 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Tue, 4 Apr 2017 11:23:36 +0100 +Subject: [PATCH] Fix null pointer dereferences when using a link built with + clang. + + PR binutils/21342 + * elflink.c (_bfd_elf_define_linkage_sym): Prevent null pointer + dereference. + (bfd_elf_final_link): Only initialize the extended symbol index + section if there are extended symbol tables to list. +--- + bfd/elflink.c | 35 +++++++++++++++++++++-------------- + 2 files changed, 29 insertions(+), 14 deletions(-) + +diff --git a/bfd/elflink.c b/bfd/elflink.c +index 776357f..9bf75c8 100644 +--- a/bfd/elflink.c ++++ b/bfd/elflink.c +@@ -119,15 +119,18 @@ _bfd_elf_define_linkage_sym (bfd *abfd, + defined in shared libraries can't be overridden, because we + lose the link to the bfd which is via the symbol section. */ + h->root.type = bfd_link_hash_new; ++ bh = &h->root; + } ++ else ++ bh = NULL; + +- bh = &h->root; + bed = get_elf_backend_data (abfd); + if (!_bfd_generic_link_add_one_symbol (info, abfd, name, BSF_GLOBAL, + sec, 0, NULL, FALSE, bed->collect, + &bh)) + return NULL; + h = (struct elf_link_hash_entry *) bh; ++ BFD_ASSERT (h != NULL); + h->def_regular = 1; + h->non_elf = 0; + h->root.linker_def = 1; +@@ -12038,24 +12041,28 @@ bfd_elf_final_link (bfd *abfd, struct bfd_link_info *info) + { + /* Finish up and write out the symbol string table (.strtab) + section. */ +- Elf_Internal_Shdr *symstrtab_hdr; ++ Elf_Internal_Shdr *symstrtab_hdr = NULL; + file_ptr off = symtab_hdr->sh_offset + symtab_hdr->sh_size; + +- symtab_shndx_hdr = & elf_symtab_shndx_list (abfd)->hdr; +- if (symtab_shndx_hdr != NULL && symtab_shndx_hdr->sh_name != 0) ++ if (elf_symtab_shndx_list (abfd)) + { +- symtab_shndx_hdr->sh_type = SHT_SYMTAB_SHNDX; +- symtab_shndx_hdr->sh_entsize = sizeof (Elf_External_Sym_Shndx); +- symtab_shndx_hdr->sh_addralign = sizeof (Elf_External_Sym_Shndx); +- amt = bfd_get_symcount (abfd) * sizeof (Elf_External_Sym_Shndx); +- symtab_shndx_hdr->sh_size = amt; ++ symtab_shndx_hdr = & elf_symtab_shndx_list (abfd)->hdr; + +- off = _bfd_elf_assign_file_position_for_section (symtab_shndx_hdr, +- off, TRUE); ++ if (symtab_shndx_hdr != NULL && symtab_shndx_hdr->sh_name != 0) ++ { ++ symtab_shndx_hdr->sh_type = SHT_SYMTAB_SHNDX; ++ symtab_shndx_hdr->sh_entsize = sizeof (Elf_External_Sym_Shndx); ++ symtab_shndx_hdr->sh_addralign = sizeof (Elf_External_Sym_Shndx); ++ amt = bfd_get_symcount (abfd) * sizeof (Elf_External_Sym_Shndx); ++ symtab_shndx_hdr->sh_size = amt; + +- if (bfd_seek (abfd, symtab_shndx_hdr->sh_offset, SEEK_SET) != 0 +- || (bfd_bwrite (flinfo.symshndxbuf, amt, abfd) != amt)) +- return FALSE; ++ off = _bfd_elf_assign_file_position_for_section (symtab_shndx_hdr, ++ off, TRUE); ++ ++ if (bfd_seek (abfd, symtab_shndx_hdr->sh_offset, SEEK_SET) != 0 ++ || (bfd_bwrite (flinfo.symshndxbuf, amt, abfd) != amt)) ++ return FALSE; ++ } + } + + symstrtab_hdr = &elf_tdata (abfd)->strtab_hdr; +-- +2.9.3 + diff --git a/system/binutils/binutils-ld-fix-static-linking.patch b/system/binutils/binutils-ld-fix-static-linking.patch new file mode 100644 index 000000000..bc5d76265 --- /dev/null +++ b/system/binutils/binutils-ld-fix-static-linking.patch @@ -0,0 +1,46 @@ +This fixes static linking for our hardened toolchain +diff --git a/ld/scripttempl/elf.sc b/ld/scripttempl/elf.sc +index e8126cb..9532bfb 100644 +--- a/ld/scripttempl/elf.sc ++++ b/ld/scripttempl/elf.sc +@@ -235,8 +235,8 @@ test "${LARGE_SECTIONS}" = "yes" && LARGE_SECTIONS=" + if test "${ENABLE_INITFINI_ARRAY}" = "yes"; then + SORT_INIT_ARRAY="KEEP (*(SORT_BY_INIT_PRIORITY(.init_array.*) SORT_BY_INIT_PRIORITY(.ctors.*)))" + SORT_FINI_ARRAY="KEEP (*(SORT_BY_INIT_PRIORITY(.fini_array.*) SORT_BY_INIT_PRIORITY(.dtors.*)))" +- CTORS_IN_INIT_ARRAY="EXCLUDE_FILE (*crtbegin.o *crtbegin?.o *crtend.o *crtend?.o $OTHER_EXCLUDE_FILES) .ctors" +- DTORS_IN_FINI_ARRAY="EXCLUDE_FILE (*crtbegin.o *crtbegin?.o *crtend.o *crtend?.o $OTHER_EXCLUDE_FILES) .dtors" ++ CTORS_IN_INIT_ARRAY="EXCLUDE_FILE (*crtbegin*.o *crtend*.o $OTHER_EXCLUDE_FILES) .ctors" ++ DTORS_IN_FINI_ARRAY="EXCLUDE_FILE (*crtbegin*.o *crtend*.o $OTHER_EXCLUDE_FILES) .dtors" + else + SORT_INIT_ARRAY="KEEP (*(SORT(.init_array.*)))" + SORT_FINI_ARRAY="KEEP (*(SORT(.fini_array.*)))" +@@ -270,15 +270,14 @@ CTOR=".ctors ${CONSTRUCTING-0} : + doesn't matter which directory crtbegin.o + is in. */ + +- KEEP (*crtbegin.o(.ctors)) +- KEEP (*crtbegin?.o(.ctors)) ++ KEEP (*crtbegin*.o(.ctors)) + + /* We don't want to include the .ctor section from + the crtend.o file until after the sorted ctors. + The .ctor section from the crtend file contains the + end of ctors marker and it must be last */ + +- KEEP (*(EXCLUDE_FILE (*crtend.o *crtend?.o $OTHER_EXCLUDE_FILES) .ctors)) ++ KEEP (*(EXCLUDE_FILE (*crtend*.o $OTHER_EXCLUDE_FILES) .ctors)) + KEEP (*(SORT(.ctors.*))) + KEEP (*(.ctors)) + ${CONSTRUCTING+${CTOR_END}} +@@ -286,9 +285,8 @@ CTOR=".ctors ${CONSTRUCTING-0} : + DTOR=".dtors ${CONSTRUCTING-0} : + { + ${CONSTRUCTING+${DTOR_START}} +- KEEP (*crtbegin.o(.dtors)) +- KEEP (*crtbegin?.o(.dtors)) +- KEEP (*(EXCLUDE_FILE (*crtend.o *crtend?.o $OTHER_EXCLUDE_FILES) .dtors)) ++ KEEP (*crtbegin*.o(.dtors)) ++ KEEP (*(EXCLUDE_FILE (*crtend*.o $OTHER_EXCLUDE_FILES) .dtors)) + KEEP (*(SORT(.dtors.*))) + KEEP (*(.dtors)) + ${CONSTRUCTING+${DTOR_END}} diff --git a/system/binutils/disable-gnu-mbind.patch b/system/binutils/disable-gnu-mbind.patch new file mode 100644 index 000000000..796e6d0fc --- /dev/null +++ b/system/binutils/disable-gnu-mbind.patch @@ -0,0 +1,32 @@ +These tests do not work on PIE. Disable them. + +--- binutils-2.29/ld/testsuite/ld-elf/elf.exp.old 2017-08-19 22:39:31.236907813 +0000 ++++ binutils-2.29/ld/testsuite/ld-elf/elf.exp 2017-08-20 00:12:04.735925829 +0000 +@@ -296,27 +296,6 @@ + || [istarget *-*-nacl*] + || [istarget *-*-gnu*] } { + run_ld_link_exec_tests $array_tests_pie $xfails +- +- run_ld_link_exec_tests [list \ +- [list \ +- "Run mbind2a" \ +- "$NOPIE_LDFLAGS -Wl,-z,common-page-size=0x4000" \ +- "" \ +- { mbind2a.s mbind2b.c } \ +- "mbind2a" \ +- "pass.out" \ +- "-O2 -I../bfd" \ +- ] \ +- [list \ +- "Run mbind2b" \ +- "-static -Wl,-z,common-page-size=0x4000" \ +- "" \ +- { mbind2a.s mbind2b.c } \ +- "mbind2b" \ +- "pass.out" \ +- "-O2 -I../bfd" \ +- ] \ +- ] + } + + # <http://www.gnu.org/software/hurd/open_issues/binutils.html#static> diff --git a/system/binutils/disable-ifunc-tests.patch b/system/binutils/disable-ifunc-tests.patch new file mode 100644 index 000000000..6fbc5c874 --- /dev/null +++ b/system/binutils/disable-ifunc-tests.patch @@ -0,0 +1,12 @@ +--- binutils-2.30/ld/testsuite/ld-ifunc/ifunc.exp.old 2018-01-13 07:31:16.000000000 -0600 ++++ binutils-2.30/ld/testsuite/ld-ifunc/ifunc.exp 2018-02-27 14:46:07.596544780 -0600 +@@ -36,7 +36,8 @@ + || (([istarget "*-*-linux*"] + || [istarget "*-*-gnu*"]) + && ![istarget "*-*-*aout*"] +- && ![istarget "*-*-*oldld*"]))) } { ++ && ![istarget "*-*-*oldld*"] ++ && ![istarget "*-*-*musl*"]))) } { + verbose "IFUNC tests not run - target does not support IFUNC" + return + } diff --git a/system/binutils/disable-preinit-array-tests.patch b/system/binutils/disable-preinit-array-tests.patch new file mode 100644 index 000000000..f3d36c1b3 --- /dev/null +++ b/system/binutils/disable-preinit-array-tests.patch @@ -0,0 +1,29 @@ +--- binutils-2.29/ld/testsuite/ld-elf/elf.exp.old 2017-07-04 08:43:21.000000000 +0000 ++++ binutils-2.29/ld/testsuite/ld-elf/elf.exp 2017-08-19 04:46:32.214460537 +0000 +@@ -262,8 +262,6 @@ + } + + set array_tests { +- {"preinit array" "" "" +- {preinit.c} "preinit" "preinit.out"} + {"init array" "" "" + {init.c} "init" "init.out"} + {"fini array" "" "" +@@ -272,8 +270,6 @@ + {init-mixed.c} "init-mixed" "init-mixed.out" "-I."} + } + set array_tests_pie { +- {"PIE preinit array" "-pie" "" +- {preinit.c} "preinit" "preinit.out" "-fPIE"} + {"PIE init array" "-pie" "" + {init.c} "init" "init.out" "-fPIE"} + {"PIE fini array" "-pie" "" +@@ -284,8 +280,6 @@ + {pr14525.c} "pr14525" "pr14525.out" "-fPIE"} + } + set array_tests_static { +- {"static preinit array" "-static" "" +- {preinit.c} "preinit" "preinit.out"} + {"static init array" "-static" "" + {init.c} "init" "init.out"} + {"static fini array" "-static" "" diff --git a/system/binutils/gold-mips.patch b/system/binutils/gold-mips.patch new file mode 100644 index 000000000..291a2aae6 --- /dev/null +++ b/system/binutils/gold-mips.patch @@ -0,0 +1,39 @@ +# DP: Fix gold on mips64 targets. + +gold/ + +2016-08-09 Aurelien Jarno <aurelien@aurel32.net> + + * configure.tgt: Add mips64el*-*-*|mips64le*-*-* and mips64*-*-*. + + +--- a/gold/configure.tgt ++++ b/gold/configure.tgt +@@ -153,6 +153,13 @@ aarch64*-*) + targ_big_endian=false + targ_extra_big_endian=true + ;; ++mips*64*el*-*-*|mips*64*le*-*-*) ++ targ_obj=mips ++ targ_machine=EM_MIPS_RS3_LE ++ targ_size=64 ++ targ_big_endian=false ++ targ_extra_big_endian=true ++ ;; + mips*el*-*-*|mips*le*-*-*) + targ_obj=mips + targ_machine=EM_MIPS_RS3_LE +@@ -160,6 +167,13 @@ mips*el*-*-*|mips*le*-*-*) + targ_big_endian=false + targ_extra_big_endian=true + ;; ++mips*64*-*-*) ++ targ_obj=mips ++ targ_machine=EM_MIPS ++ targ_size=64 ++ targ_big_endian=true ++ targ_extra_big_endian=false ++ ;; + mips*-*-*) + targ_obj=mips + targ_machine=EM_MIPS diff --git a/system/binutils/hash-style-configure-flag.patch b/system/binutils/hash-style-configure-flag.patch new file mode 100644 index 000000000..6d4db4bca --- /dev/null +++ b/system/binutils/hash-style-configure-flag.patch @@ -0,0 +1,348 @@ +From 2760f24c4942853eac7b921e4b8843d57a602654 Mon Sep 17 00:00:00 2001 +From: Romain Geissler <romain.geissler@gmail.com> +Date: Tue, 8 Aug 2017 07:25:39 +0930 +Subject: [PATCH] Add configure flag to enable gnu hash style by default. + +ld/ + * configure.ac: Add --enable-default-hash-style option. + * ldmain.c (main): Set link_info.emit_hash to DEFAULT_EMIT_SYSV_HASH. + Set link_info.emit_gnu_hash to DEFAULT_EMIT_GNU_HASH. + * configure: Regenerate. + * config.in: Regenerate. + +gold/ + * configure.ac: Add --enable-default-hash-style option. + * options.h (hash_style): Use DEFAULT_HASH_STYLE as default value. + * configure: Regenerate. + * config.in: Regenerate. +--- + gold/ChangeLog | 8 ++++++++ + gold/config.in | 3 +++ + gold/configure | 27 +++++++++++++++++++++++++++ + gold/configure.ac | 20 ++++++++++++++++++++ + gold/options.h | 2 +- + ld/ChangeLog | 9 +++++++++ + ld/config.in | 6 ++++++ + ld/configure | 42 ++++++++++++++++++++++++++++++++++++++---- + ld/configure.ac | 34 ++++++++++++++++++++++++++++++++++ + ld/ldmain.c | 3 ++- + 10 files changed, 148 insertions(+), 6 deletions(-) + +diff --git a/gold/ChangeLog b/gold/ChangeLog +index d598386..93836dd 100644 +--- a/gold/ChangeLog ++++ b/gold/ChangeLog +@@ -1,3 +1,11 @@ ++2017-08-08 Romain Geissler <romain.geissler@gmail.com> ++ Alan Modra <amodra@gmail.com> ++ ++ * configure.ac: Add --enable-default-hash-style option. ++ * options.h (hash_style): Use DEFAULT_HASH_STYLE as default value. ++ * configure: Regenerate. ++ * config.in: Regenerate. ++ + 2017-02-22 Alan Modra <amodra@gmail.com> + + * powerpc.cc (Target_powerpc::make_iplt_section): Check that +diff --git a/gold/config.in b/gold/config.in +index d9f7b76..5855fca 100644 +--- a/gold/config.in ++++ b/gold/config.in +@@ -10,6 +10,9 @@ + /* Define if building universal (internal helper macro) */ + #undef AC_APPLE_UNIVERSAL_BUILD + ++/* Set the default --hash-style value */ ++#undef DEFAULT_HASH_STYLE ++ + /* Define to 1 if you want to enable -z relro in ELF linker by default. */ + #undef DEFAULT_LD_Z_RELRO + +diff --git a/gold/configure b/gold/configure +index cb020be..90a706d 100755 +--- a/gold/configure ++++ b/gold/configure +@@ -797,6 +797,7 @@ enable_threads + enable_plugins + enable_relro + enable_targets ++enable_default_hash_style + with_lib_path + enable_dependency_tracking + enable_nls +@@ -1447,6 +1448,8 @@ Optional Features: + --enable-plugins linker plugins + --enable-relro enable -z relro in ELF linker by default + --enable-targets alternative target configurations ++ --enable-default-hash-style={sysv,gnu,both} ++ use this default hash style + --disable-dependency-tracking speeds up one-time build + --enable-dependency-tracking do not reject slow dependency extractors + --disable-nls do not use Native Language Support +@@ -3410,6 +3413,30 @@ if test -n "$enable_targets"; then + done + fi + ++# Decide which "--hash-style" to use by default ++# Provide a configure time option to override our default. ++# Check whether --enable-default-hash-style was given. ++if test "${enable_default_hash_style+set}" = set; then : ++ enableval=$enable_default_hash_style; case "${enable_default_hash_style}" in ++ sysv | gnu | both) ;; ++ *) as_fn_error "bad value ${enable_default_hash_style} for enable-default-hash-style option" "$LINENO" 5 ;; ++esac ++else ++ case "${target}" in ++ # Enable gnu hash only on GNU targets, but not mips ++ mips*-*-*) enable_default_hash_style=sysv ;; ++ *-*-gnu* | *-*-linux* | *-*-nacl*) enable_default_hash_style=both ;; ++ *) enable_default_hash_style=sysv ;; ++esac ++fi ++ ++ ++ ++cat >>confdefs.h <<_ACEOF ++#define DEFAULT_HASH_STYLE "${enable_default_hash_style}" ++_ACEOF ++ ++ + # See which specific instantiations we need. + targetobjs= + all_targets= +diff --git a/gold/configure.ac b/gold/configure.ac +index cbe3380..d7fa1f8 100644 +--- a/gold/configure.ac ++++ b/gold/configure.ac +@@ -161,6 +161,26 @@ if test -n "$enable_targets"; then + done + fi + ++# Decide which "--hash-style" to use by default ++# Provide a configure time option to override our default. ++AC_ARG_ENABLE([default-hash-style], ++AS_HELP_STRING([--enable-default-hash-style={sysv,gnu,both}], ++ [use this default hash style]), ++[case "${enable_default_hash_style}" in ++ sysv | gnu | both) ;; ++ *) AC_MSG_ERROR([bad value ${enable_default_hash_style} for enable-default-hash-style option]) ;; ++esac], ++[case "${target}" in ++ # Enable gnu hash only on GNU targets, but not mips ++ mips*-*-*) enable_default_hash_style=sysv ;; ++ *-*-gnu* | *-*-linux* | *-*-nacl*) enable_default_hash_style=both ;; ++ *) enable_default_hash_style=sysv ;; ++esac]) ++ ++AC_DEFINE_UNQUOTED([DEFAULT_HASH_STYLE], ++ ["${enable_default_hash_style}"], ++ [Set the default --hash-style value]) ++ + # See which specific instantiations we need. + targetobjs= + all_targets= +diff --git a/gold/options.h b/gold/options.h +index a8b1d46..ce21a42 100644 +--- a/gold/options.h ++++ b/gold/options.h +@@ -921,7 +921,7 @@ class General_options + N_("Min fraction of empty buckets in dynamic hash"), + N_("FRACTION")); + +- DEFINE_enum(hash_style, options::TWO_DASHES, '\0', "sysv", ++ DEFINE_enum(hash_style, options::TWO_DASHES, '\0', DEFAULT_HASH_STYLE, + N_("Dynamic hash style"), N_("[sysv,gnu,both]"), + {"sysv", "gnu", "both"}); + +diff --git a/ld/ChangeLog b/ld/ChangeLog +index ba7d1d4..cf91d55 100644 +--- a/ld/ChangeLog ++++ b/ld/ChangeLog +@@ -1,3 +1,12 @@ ++2017-08-08 Romain Geissler <romain.geissler@gmail.com> ++ Alan Modra <amodra@gmail.com> ++ ++ * configure.ac: Add --enable-default-hash-style option. ++ * ldmain.c (main): Set link_info.emit_hash to DEFAULT_EMIT_SYSV_HASH. ++ Set link_info.emit_gnu_hash to DEFAULT_EMIT_GNU_HASH. ++ * configure: Regenerate. ++ * config.in: Regenerate. ++ + 2017-03-02 Tristan Gingold <gingold@adacore.com> + + * configure: Regenerate. +diff --git a/ld/config.in b/ld/config.in +index 2c6d698..b2318e1 100644 +--- a/ld/config.in ++++ b/ld/config.in +@@ -7,6 +7,12 @@ + #endif + #define __CONFIG_H__ 1 + ++/* Define to 1 if you want to emit gnu hash in the ELF linker by default. */ ++#undef DEFAULT_EMIT_GNU_HASH ++ ++/* Define to 1 if you want to emit sysv hash in the ELF linker by default. */ ++#undef DEFAULT_EMIT_SYSV_HASH ++ + /* Define if you want compressed debug sections by default. */ + #undef DEFAULT_FLAG_COMPRESS_DEBUG + +diff --git a/ld/configure b/ld/configure +index 36af969..40c67fd 100755 +--- a/ld/configure ++++ b/ld/configure +@@ -793,6 +793,7 @@ enable_gold + enable_got + enable_compressed_debug_sections + enable_relro ++enable_default_hash_style + enable_werror + enable_build_warnings + enable_nls +@@ -1452,6 +1453,8 @@ Optional Features: + --enable-compressed-debug-sections={all,ld,none} + compress debug sections by default] + --enable-relro enable -z relro in ELF linker by default ++ --enable-default-hash-style={sysv,gnu,both} ++ use this default hash style + --enable-werror treat compile warnings as errors + --enable-build-warnings enable build-time compiler warnings + --disable-nls do not use Native Language Support +@@ -11724,7 +11727,7 @@ else + lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 + lt_status=$lt_dlunknown + cat > conftest.$ac_ext <<_LT_EOF +-#line 11727 "configure" ++#line 11730 "configure" + #include "confdefs.h" + + #if HAVE_DLFCN_H +@@ -11830,7 +11833,7 @@ else + lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 + lt_status=$lt_dlunknown + cat > conftest.$ac_ext <<_LT_EOF +-#line 11833 "configure" ++#line 11836 "configure" + #include "confdefs.h" + + #if HAVE_DLFCN_H +@@ -15555,6 +15558,33 @@ if test "${enable_relro+set}" = set; then : + esac + fi + ++# Decide which "--hash-style" to use by default ++# Provide a configure time option to override our default. ++# Check whether --enable-default-hash-style was given. ++if test "${enable_default_hash_style+set}" = set; then : ++ enableval=$enable_default_hash_style; case "${enable_default_hash_style}" in ++ sysv | gnu | both) ;; ++ *) as_fn_error "bad value ${enable_default_hash_style} for enable-default-hash-style option" "$LINENO" 5 ;; ++esac ++else ++ case "${target}" in ++ # Enable gnu hash only on GNU targets, but not mips ++ mips*-*-*) enable_default_hash_style=sysv ;; ++ *-*-gnu* | *-*-linux* | *-*-nacl*) enable_default_hash_style=both ;; ++ *) enable_default_hash_style=sysv ;; ++esac ++fi ++ ++ ++case "${enable_default_hash_style}" in ++ sysv | both) ac_default_emit_sysv_hash=1 ;; ++ *) ac_default_emit_sysv_hash=0 ;; ++esac ++ ++case "${enable_default_hash_style}" in ++ gnu | both) ac_default_emit_gnu_hash=1 ;; ++ *) ac_default_emit_gnu_hash=0 ;; ++esac + + # Set the 'development' global. + . $srcdir/../bfd/development.sh +@@ -17212,9 +17242,13 @@ cat >>confdefs.h <<_ACEOF + #define DEFAULT_LD_Z_RELRO $ac_default_ld_z_relro + _ACEOF + ++cat >>confdefs.h <<_ACEOF ++#define DEFAULT_EMIT_SYSV_HASH $ac_default_emit_sysv_hash ++_ACEOF + +- +- ++cat >>confdefs.h <<_ACEOF ++#define DEFAULT_EMIT_GNU_HASH $ac_default_emit_gnu_hash ++_ACEOF + + + +diff --git a/ld/configure.ac b/ld/configure.ac +index 36a9f50..1876ad7 100644 +--- a/ld/configure.ac ++++ b/ld/configure.ac +@@ -166,6 +166,32 @@ AC_ARG_ENABLE(relro, + no) ac_default_ld_z_relro=0 ;; + esac])dnl + ++# Decide which "--hash-style" to use by default ++# Provide a configure time option to override our default. ++AC_ARG_ENABLE([default-hash-style], ++AS_HELP_STRING([--enable-default-hash-style={sysv,gnu,both}], ++ [use this default hash style]), ++[case "${enable_default_hash_style}" in ++ sysv | gnu | both) ;; ++ *) AC_MSG_ERROR([bad value ${enable_default_hash_style} for enable-default-hash-style option]) ;; ++esac], ++[case "${target}" in ++ # Enable gnu hash only on GNU targets, but not mips ++ mips*-*-*) enable_default_hash_style=sysv ;; ++ *-*-gnu* | *-*-linux* | *-*-nacl*) enable_default_hash_style=both ;; ++ *) enable_default_hash_style=sysv ;; ++esac]) ++ ++case "${enable_default_hash_style}" in ++ sysv | both) ac_default_emit_sysv_hash=1 ;; ++ *) ac_default_emit_sysv_hash=0 ;; ++esac ++ ++case "${enable_default_hash_style}" in ++ gnu | both) ac_default_emit_gnu_hash=1 ;; ++ *) ac_default_emit_gnu_hash=0 ;; ++esac ++ + AM_BINUTILS_WARNINGS + + AM_LC_MESSAGES +@@ -394,6 +420,14 @@ AC_DEFINE_UNQUOTED(DEFAULT_LD_Z_RELRO, + $ac_default_ld_z_relro, + [Define to 1 if you want to enable -z relro in ELF linker by default.]) + ++AC_DEFINE_UNQUOTED([DEFAULT_EMIT_SYSV_HASH], ++ [$ac_default_emit_sysv_hash], ++ [Define to 1 if you want to emit sysv hash in the ELF linker by default.]) ++ ++AC_DEFINE_UNQUOTED([DEFAULT_EMIT_GNU_HASH], ++ [$ac_default_emit_gnu_hash], ++ [Define to 1 if you want to emit gnu hash in the ELF linker by default.]) ++ + AC_SUBST(elf_list_options) + AC_SUBST(elf_shlib_list_options) + AC_SUBST(elf_plt_unwind_list_options) +diff --git a/ld/ldmain.c b/ld/ldmain.c +index 1e48b1a..579d961 100644 +--- a/ld/ldmain.c ++++ b/ld/ldmain.c +@@ -282,7 +282,8 @@ main (int argc, char **argv) + link_info.keep_memory = TRUE; + link_info.combreloc = TRUE; + link_info.strip_discarded = TRUE; +- link_info.emit_hash = TRUE; ++ link_info.emit_hash = DEFAULT_EMIT_SYSV_HASH; ++ link_info.emit_gnu_hash = DEFAULT_EMIT_GNU_HASH; + link_info.callbacks = &link_callbacks; + link_info.input_bfds_tail = &link_info.input_bfds; + /* SVR4 linkers seem to set DT_INIT and DT_FINI based on magic _init +-- +2.14.2 + diff --git a/system/binutils/mips-illegal-memcpy.patch b/system/binutils/mips-illegal-memcpy.patch new file mode 100644 index 000000000..d76af178a --- /dev/null +++ b/system/binutils/mips-illegal-memcpy.patch @@ -0,0 +1,11 @@ +--- binutils-2.29/gas/config/tc-mips.c.old 2017-07-04 03:43:20.000000000 -0500 ++++ binutils-2.29/gas/config/tc-mips.c 2017-08-25 17:21:51.449460074 -0500 +@@ -13956,7 +13956,7 @@ + suffix = 0; + if (suffix) + { +- memcpy (name + opend - 2, name + opend, length - opend + 1); ++ memmove (name + opend - 2, name + opend, length - opend + 1); + insn = (struct mips_opcode *) hash_find (hash, name); + if (insn) + { diff --git a/system/binutils/remove-no-static-plt-test.patch b/system/binutils/remove-no-static-plt-test.patch new file mode 100644 index 000000000..ab6bc02e6 --- /dev/null +++ b/system/binutils/remove-no-static-plt-test.patch @@ -0,0 +1,21 @@ +The compiler generates relative addresses instead of absolute, confusing the +regex used. Disable this test since it would pass anyway. + +--- binutils-2.29/ld/testsuite/ld-x86-64/no-plt.exp.old 2017-07-04 08:43:21.000000000 +0000 ++++ binutils-2.29/ld/testsuite/ld-x86-64/no-plt.exp 2017-08-19 18:13:48.566481023 +0000 +@@ -100,15 +100,6 @@ + "no-plt-1c" \ + ] \ + [list \ +- "No PLT (static 1d)" \ +- "-static tmpdir/no-plt-check1.o tmpdir/no-plt-main1.o \ +- tmpdir/no-plt-func1.o tmpdir/no-plt-extern1.o" \ +- "" \ +- {dummy.s} \ +- {{readelf -Wr no-plt-1d.rd} {objdump -dwrj.text no-plt-1d.dd}} \ +- "no-plt-1d" \ +- ] \ +- [list \ + "No PLT (PIE 1e)" \ + "-pie tmpdir/no-plt-check1.o tmpdir/no-plt-main1.o \ + tmpdir/no-plt-func1.o tmpdir/no-plt-extern1.o" \ diff --git a/system/binutils/remove-pr19553c-test.patch b/system/binutils/remove-pr19553c-test.patch new file mode 100644 index 000000000..7e5b76ab0 --- /dev/null +++ b/system/binutils/remove-pr19553c-test.patch @@ -0,0 +1,14 @@ +This test requires symbol versioning which the musl libc does not support. + +--- binutils-2.29/ld/testsuite/ld-elf/indirect.exp.old 2017-07-04 08:43:21.000000000 +0000 ++++ binutils-2.29/ld/testsuite/ld-elf/indirect.exp 2017-08-19 05:00:13.086002872 +0000 +@@ -186,9 +186,6 @@ + {"Run with libpr19553b.so" + "-Wl,--no-as-needed tmpdir/libpr19553b.so tmpdir/libpr19553d.so -Wl,-rpath-link,." "" + {pr19553a.c} "pr19553b" "pr19553b.out"} +- {"Run with libpr19553c.so" +- "-Wl,--no-as-needed tmpdir/libpr19553c.so tmpdir/libpr19553b.so tmpdir/libpr19553d.so" "" +- {pr19553a.c} "pr19553c" "pr19553c.out"} + {"Run with libpr19553d.so" + "-Wl,--no-as-needed tmpdir/libpr19553d.so tmpdir/libpr19553b.so -Wl,-rpath-link,." "" + {pr19553a.c} "pr19553d" "pr19553d.out"} diff --git a/system/binutils/remove-pr2404-tests.patch b/system/binutils/remove-pr2404-tests.patch new file mode 100644 index 000000000..9efdf5242 --- /dev/null +++ b/system/binutils/remove-pr2404-tests.patch @@ -0,0 +1,73 @@ +These tests fail to link correctly on musl. + +--- binutils-2.29/ld/testsuite/ld-elf/shared.exp.old 2017-07-04 08:43:21.000000000 +0000 ++++ binutils-2.29/ld/testsuite/ld-elf/shared.exp 2017-08-19 04:59:05.319481464 +0000 +@@ -375,15 +375,6 @@ + {"Build needed3" + "tmpdir/needed3.o -Wl,--as-needed -Ltmpdir -lneeded3a -lneeded3b -lneeded1b" "" + {dummy.c} {} "needed3"} +- {"Build libpr2404a.so" +- "-shared" "-fPIC" +- {pr2404a.c} {} "libpr2404a.so"} +- {"Build libpr2404n.so" +- "-shared -Wl,-z,now" "-fPIC" +- {pr2404a.c} {} "libpr2404n.so"} +- {"Build libpr2404b.a" +- "" "" +- {pr2404b.c} {} "libpr2404b.a"} + {"Build rdynamic-1" + "-Wl,--no-dynamic-linker,-export-dynamic,--gc-sections" "-ffunction-sections" + {rdynamic-1.c} {{readelf {-s} rdynamic-1.rd}} "rdynamic-1"} +@@ -531,12 +522,6 @@ + [list "Run relmain" \ + "-Wl,--no-as-needed,-rpath=tmpdir -Ltmpdir -lrel" "" \ + {relmain.c} "relmain" "relmain.out" ] \ +- [list "Run pr2404" \ +- "-Wl,--no-as-needed tmpdir/pr2404b.o tmpdir/libpr2404a.so" "" \ +- {dummy.c} "pr2404" "pr2404.out" ] \ +- [list "Run pr2404n" \ +- "-Wl,-z,now -Wl,--no-as-needed tmpdir/pr2404b.o tmpdir/libpr2404n.so" "" \ +- {dummy.c} "pr2404n" "pr2404.out" ] \ + [list "Run pr18458" \ + "-Wl,--no-as-needed,-z,now tmpdir/libpr18458a.so tmpdir/libpr18458b.so" "" \ + {pr18458c.c} "pr18458" "pass.out" ] \ +@@ -675,14 +660,6 @@ + || [istarget *-*-gnu*] } { + run_cc_link_tests [list \ + [list \ +- "Build libpr2404b.a with PIE" \ +- "" \ +- "-fPIE" \ +- { pr2404b.c } \ +- {} \ +- "libpr2404b.a" \ +- ] \ +- [list \ + "Build pr19579a.o" \ + "" "-fPIE" \ + {pr19579a.c} \ +@@ -717,24 +694,6 @@ + "-fPIE" \ + ] \ + [list \ +- "Run pr2404 with PIE" \ +- "-pie -Wl,--no-as-needed tmpdir/pr2404b.o tmpdir/libpr2404a.so" \ +- "" \ +- { dummy.c } \ +- "pr2404pie" \ +- "pr2404.out" \ +- "-fPIE" \ +- ] \ +- [list \ +- "Run pr2404 with PIE (-z now)" \ +- "-pie -Wl,-z,now -Wl,--no-as-needed tmpdir/pr2404b.o tmpdir/libpr2404n.so" \ +- "" \ +- { dummy.c } \ +- "pr2404pien" \ +- "pr2404.out" \ +- "-fPIE" \ +- ] \ +- [list \ + "Run pr18718" \ + "" \ + "" \ diff --git a/system/build-tools/APKBUILD b/system/build-tools/APKBUILD index 2df7bf5a8..379f1a11b 100644 --- a/system/build-tools/APKBUILD +++ b/system/build-tools/APKBUILD @@ -3,7 +3,7 @@ pkgname=build-tools pkgver=1.0 -pkgrel=3 +pkgrel=4 pkgdesc="Meta-package for user development utilities" url="https://adelielinux.org/" arch="noarch" @@ -13,7 +13,7 @@ depends="bash make diffutils patch fortify-headers linux-headers - mawk bison flex sed + mawk sed bzip2 gzip unzip xz abuild" [ "${CBUILD}" != "${CHOST}" ] || depends="$depends diff --git a/system/clang/APKBUILD b/system/clang/APKBUILD new file mode 100644 index 000000000..d23bb3675 --- /dev/null +++ b/system/clang/APKBUILD @@ -0,0 +1,103 @@ +# Contributor Travis Tilley <ttilley@gmail.com> +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=clang +# Note: Update together with llvm. +pkgver=4.0.0 +pkgrel=0 +_llvmver=${pkgver%%.*} +pkgdesc="A C language family front-end for LLVM" +arch="all" +url="http://llvm.org/" +license="UOI-NCSA" +makedepends=" + cmake + isl-dev + libedit-dev + libxml2-dev + libxml2-utils + llvm-dev>=$_llvmver + llvm-static>=$_llvmver + llvm-test-utils>=$_llvmver + " +depends_dev="$pkgname=$pkgver-r$pkgrel" +subpackages="$pkgname-static $pkgname-dev $pkgname-doc $pkgname-libs + $pkgname-analyzer::noarch" +source="https://llvm.org/releases/$pkgver/cfe-$pkgver.src.tar.xz + clang-0001-Add-Alpine-Linux-distro.patch + clang-0002-Use-z-relro-on-Alpine-Linux.patch + clang-0003-Use-hash-style-gnu-for-Alpine-Linux.patch + clang-0004-Add-musl-targets.patch + clang-0005-Enable-PIE-by-default-for-alpine-linux.patch + clang-0006-Link-with-z-now-by-default-for-Alpine-Linux.patch + clang-0007-Enable-stack-protector-by-default-for-alpine-linux.patch + " +builddir="$srcdir/cfe-$pkgver.src" + +build() { + mkdir -p "$builddir"/build + cd "$builddir"/build + + cmake .. -Wno-dev \ + -DCMAKE_BUILD_TYPE=MinSizeRel \ + -DCMAKE_INSTALL_PREFIX=/usr \ + -DCMAKE_VERBOSE_MAKEFILE=OFF \ + \ + -DCLANG_VENDOR=${DISTRO_SHORT_NAME:-Alpine} \ + -DCLANG_BUILD_EXAMPLES=OFF \ + -DCLANG_INCLUDE_DOCS=ON \ + -DCLANG_INCLUDE_TESTS=ON \ + -DCLANG_PLUGIN_SUPPORT=ON \ + -DLIBCLANG_BUILD_STATIC=ON \ + -DLLVM_ENABLE_EH=ON \ + -DLLVM_ENABLE_RTTI=ON + + make clang-tblgen + make +} + +check() { + cd "$builddir"/build + + make check-clang +} + +package() { + cd "$builddir"/build + + make DESTDIR="$pkgdir" install + install -m 644 lib/libclang.a "$pkgdir"/usr/lib + mkdir -p "$pkgdir"/etc + cat >"$pkgdir"/etc/alpine-release <<-EOF +Adélie Linux 1.0 (like Alpine 3.8) +EOF +} + +static() { + pkgdesc="Static libraries for clang" + + mkdir -p "$subpkgdir"/usr/lib + mv "$pkgdir"/usr/lib/*.a "$subpkgdir"/usr/lib/ +} + +analyzer() { + pkgdesc="Clang source code analysis framework" + depends="$pkgname=$pkgver-r$pkgrel perl python3" + + cd "$pkgdir" + + mkdir -p "$subpkgdir"/usr/bin \ + "$subpkgdir"/usr/libexec \ + "$subpkgdir"/usr/share/ + mv usr/bin/scan-* "$subpkgdir"/usr/bin/ + mv usr/libexec/*-analyzer "$subpkgdir"/usr/libexec/ + mv usr/share/scan-* "$subpkgdir"/usr/share/ +} + +sha512sums="a0d9972ec337a5c105fcbe7abc4076ba1e580f28908a3318f43bbfe59143f446ed5b78dad210f624145d7e5a3d56c15bfead78826c068422b60120fa1cfa482a cfe-4.0.0.src.tar.xz +4014984a187e4d0331d8315727d1b831e573843cd8d113df43424524cb348bc73ce3d12783351d9a14f9fd14111d75ce71d8f2a85d82b6437a61b11d85796cfb clang-0001-Add-Alpine-Linux-distro.patch +53741890ec3805dd0d5a930ed526cb5bac5f75c459c6910c9461017719186383cf54638af4eea7a38eb7f9f423b18086bd5584b11f7e4babf6cd0edf8b4f4f48 clang-0002-Use-z-relro-on-Alpine-Linux.patch +f06e351785d5755827459f17d3533415772ba84b4fbd4e49f418bafd20394e98d42b33a94aa34cff2a7b54c79cf06a6f5d382af5a55cba63a81116f0568d4b25 clang-0003-Use-hash-style-gnu-for-Alpine-Linux.patch +2998ab2dfbc3d5629dd7e65e7e39dc0ab96f61e24733cb8d2d4faee50a89f0f159ad44d10182ed4c96f060180f4e22510881f4e9eb00ced01278bde99adf3389 clang-0004-Add-musl-targets.patch +6215080a796fa1fc6f7634781ef77fc245037880dbf075a656823aae5f9f4911294dc6d61172db399b063adbe445c38b73cec12fc66dbe16bd9d84dc58035846 clang-0005-Enable-PIE-by-default-for-alpine-linux.patch +d151a6ecca470abb1f4dbc06910155db0688322475655e28cdcb9c0b21930c8bcaf166e9df9fc9dca1be654cf497587961e461d91ee2871fdf454bbd33c5fffe clang-0006-Link-with-z-now-by-default-for-Alpine-Linux.patch +f8c46bb64202c9233595362eb54288c30fbd28309308cbcafe1802dc50ffd676c7a70e6cbdbfd73464f872b40a90acd2eb736dcc9622fd434dbd44a5b0005027 clang-0007-Enable-stack-protector-by-default-for-alpine-linux.patch" diff --git a/system/clang/clang-0001-Add-Alpine-Linux-distro.patch b/system/clang/clang-0001-Add-Alpine-Linux-distro.patch new file mode 100644 index 000000000..f69baf5b8 --- /dev/null +++ b/system/clang/clang-0001-Add-Alpine-Linux-distro.patch @@ -0,0 +1,37 @@ +From: Natanael Copa <ncopa@alpinelinux.org> +From: Jakub Jirutka <jakub@jirutka.cz> +Date: Sun, 16 Apr 2017 16:49:00 +0100 +Subject: [PATCH] Add Alpine Linux distro + +--- a/include/clang/Driver/Distro.h ++++ b/include/clang/Driver/Distro.h +@@ -26,6 +26,7 @@ + // NB: Releases of a particular Linux distro should be kept together + // in this enum, because some tests are done by integer comparison against + // the first and last known member in the family, e.g. IsRedHat(). ++ AlpineLinux, + ArchLinux, + DebianLenny, + DebianSqueeze, +@@ -97,6 +98,10 @@ + /// @name Convenience Predicates + /// @{ + ++ bool IsAlpineLinux() const { ++ return DistroVal == AlpineLinux; ++ } ++ + bool IsRedhat() const { + return DistroVal == Fedora || (DistroVal >= RHEL5 && DistroVal <= RHEL7); + } +--- a/lib/Driver/Distro.cpp ++++ b/lib/Driver/Distro.cpp +@@ -128,6 +128,9 @@ + if (VFS.exists("/etc/arch-release")) + return Distro::ArchLinux; + ++ if (VFS.exists("/etc/alpine-release")) ++ return Distro::AlpineLinux; ++ + return Distro::UnknownDistro; + } diff --git a/system/clang/clang-0002-Use-z-relro-on-Alpine-Linux.patch b/system/clang/clang-0002-Use-z-relro-on-Alpine-Linux.patch new file mode 100644 index 000000000..45fce6e13 --- /dev/null +++ b/system/clang/clang-0002-Use-z-relro-on-Alpine-Linux.patch @@ -0,0 +1,16 @@ +From: Natanael Copa <ncopa@alpinelinux.org> +From: Jakub Jirutka <jakub@jirutka.cz> +Date: Sun, 16 Apr 2017 16:49:00 +0100 +Subject: [PATCH] Use "-z relro" on Alpine Linux + +--- a/lib/Driver/ToolChains.cpp ++++ b/lib/Driver/ToolChains.cpp +@@ -4112,7 +4112,7 @@ + + Distro Distro(D.getVFS()); + +- if (Distro.IsOpenSUSE() || Distro.IsUbuntu()) { ++ if (Distro.IsOpenSUSE() || Distro.IsUbuntu() || Distro.IsAlpineLinux()) { + ExtraOpts.push_back("-z"); + ExtraOpts.push_back("relro"); + } diff --git a/system/clang/clang-0003-Use-hash-style-gnu-for-Alpine-Linux.patch b/system/clang/clang-0003-Use-hash-style-gnu-for-Alpine-Linux.patch new file mode 100644 index 000000000..0b6632328 --- /dev/null +++ b/system/clang/clang-0003-Use-hash-style-gnu-for-Alpine-Linux.patch @@ -0,0 +1,16 @@ +From: Natanael Copa <ncopa@alpinelinux.org> +From: Jakub Jirutka <jakub@jirutka.cz> +Date: Sun, 16 Apr 2017 16:49:00 +0100 +Subject: [PATCH] Use --hash-style=gnu for Alpine Linux + +--- a/lib/Driver/ToolChains.cpp ++++ b/lib/Driver/ToolChains.cpp +@@ -4132,7 +4132,7 @@ + // ABI requires a mapping between the GOT and the symbol table. + // Android loader does not support .gnu.hash. + if (!IsMips && !IsAndroid) { +- if (Distro.IsRedhat() || Distro.IsOpenSUSE() || ++ if (Distro.IsRedhat() || Distro.IsOpenSUSE() || Distro.IsAlpineLinux() || + (Distro.IsUbuntu() && Distro >= Distro::UbuntuMaverick)) + ExtraOpts.push_back("--hash-style=gnu"); + diff --git a/system/clang/clang-0004-Add-musl-targets.patch b/system/clang/clang-0004-Add-musl-targets.patch new file mode 100644 index 000000000..d77294980 --- /dev/null +++ b/system/clang/clang-0004-Add-musl-targets.patch @@ -0,0 +1,116 @@ +From: Natanael Copa <ncopa@alpinelinux.org> +From: Jakub Jirutka <jakub@jirutka.cz> +Date: Sun, 16 Apr 2017 16:49:00 +0100 +Subject: [PATCH] Add musl targets + +--- a/lib/Driver/ToolChains.cpp ++++ b/lib/Driver/ToolChains.cpp +@@ -1644,7 +1644,8 @@ + case llvm::Triple::arm: + case llvm::Triple::thumb: + LibDirs.append(begin(ARMLibDirs), end(ARMLibDirs)); +- if (TargetTriple.getEnvironment() == llvm::Triple::GNUEABIHF) { ++ if (TargetTriple.getEnvironment() == llvm::Triple::GNUEABIHF || ++ TargetTriple.getEnvironment() == llvm::Triple::MuslEABIHF) { + TripleAliases.append(begin(ARMHFTriples), end(ARMHFTriples)); + } else { + TripleAliases.append(begin(ARMTriples), end(ARMTriples)); +@@ -1653,7 +1654,8 @@ + case llvm::Triple::armeb: + case llvm::Triple::thumbeb: + LibDirs.append(begin(ARMebLibDirs), end(ARMebLibDirs)); +- if (TargetTriple.getEnvironment() == llvm::Triple::GNUEABIHF) { ++ if (TargetTriple.getEnvironment() == llvm::Triple::GNUEABIHF || ++ TargetTriple.getEnvironment() == llvm::Triple::MuslEABIHF) { + TripleAliases.append(begin(ARMebHFTriples), end(ARMebHFTriples)); + } else { + TripleAliases.append(begin(ARMebTriples), end(ARMebTriples)); +@@ -3956,7 +3958,8 @@ + // regardless of what the actual target triple is. + case llvm::Triple::arm: + case llvm::Triple::thumb: +- if (TargetEnvironment == llvm::Triple::GNUEABIHF) { ++ if (TargetEnvironment == llvm::Triple::GNUEABIHF || ++ TargetEnvironment == llvm::Triple::MuslEABIHF) { + if (D.getVFS().exists(SysRoot + "/lib/arm-linux-gnueabihf")) + return "arm-linux-gnueabihf"; + } else { +@@ -3966,7 +3969,8 @@ + break; + case llvm::Triple::armeb: + case llvm::Triple::thumbeb: +- if (TargetEnvironment == llvm::Triple::GNUEABIHF) { ++ if (TargetEnvironment == llvm::Triple::GNUEABIHF || ++ TargetEnvironment == llvm::Triple::MuslEABIHF) { + if (D.getVFS().exists(SysRoot + "/lib/armeb-linux-gnueabihf")) + return "armeb-linux-gnueabihf"; + } else { +@@ -4334,6 +4338,12 @@ + ArchName = "armeb"; + IsArm = true; + break; ++ case llvm::Triple::ppc: ++ ArchName = "powerpc"; ++ break; ++ case llvm::Triple::x86: ++ ArchName = "i386"; ++ break; + default: + ArchName = Triple.getArchName().str(); + } +@@ -4544,7 +4554,8 @@ + break; + case llvm::Triple::arm: + case llvm::Triple::thumb: +- if (getTriple().getEnvironment() == llvm::Triple::GNUEABIHF) ++ if (getTriple().getEnvironment() == llvm::Triple::GNUEABIHF || ++ getTriple().getEnvironment() == llvm::Triple::MuslEABIHF) + MultiarchIncludeDirs = ARMHFMultiarchIncludeDirs; + else + MultiarchIncludeDirs = ARMMultiarchIncludeDirs; + +--- a/lib/Driver/Tools.cpp ++++ b/lib/Driver/Tools.cpp +@@ -953,6 +953,7 @@ + case llvm::Triple::FreeBSD: + switch (Triple.getEnvironment()) { + case llvm::Triple::GNUEABIHF: ++ case llvm::Triple::MuslEABIHF: + ABI = FloatABI::Hard; + break; + default: +@@ -9198,6 +9200,8 @@ + switch (getToolChain().getTriple().getEnvironment()) { + case llvm::Triple::GNUEABIHF: + case llvm::Triple::GNUEABI: ++ case llvm::Triple::MuslEABIHF: ++ case llvm::Triple::MuslEABI: + case llvm::Triple::EABI: + CmdArgs.push_back("-meabi=5"); + break; +@@ -9541,10 +9545,12 @@ + switch (getToolChain().getTriple().getEnvironment()) { + case llvm::Triple::EABI: + case llvm::Triple::GNUEABI: ++ case llvm::Triple::MuslEABI: + CmdArgs.push_back("armelf_nbsd_eabi"); + break; + case llvm::Triple::EABIHF: + case llvm::Triple::GNUEABIHF: ++ case llvm::Triple::MuslEABIHF: + CmdArgs.push_back("armelf_nbsd_eabihf"); + break; + default: +@@ -9559,10 +9565,12 @@ + switch (getToolChain().getTriple().getEnvironment()) { + case llvm::Triple::EABI: + case llvm::Triple::GNUEABI: ++ case llvm::Triple::MuslEABI: + CmdArgs.push_back("armelfb_nbsd_eabi"); + break; + case llvm::Triple::EABIHF: + case llvm::Triple::GNUEABIHF: ++ case llvm::Triple::MuslEABIHF: + CmdArgs.push_back("armelfb_nbsd_eabihf"); + break; + default: diff --git a/system/clang/clang-0005-Enable-PIE-by-default-for-alpine-linux.patch b/system/clang/clang-0005-Enable-PIE-by-default-for-alpine-linux.patch new file mode 100644 index 000000000..7cd79addc --- /dev/null +++ b/system/clang/clang-0005-Enable-PIE-by-default-for-alpine-linux.patch @@ -0,0 +1,55 @@ +From: Natanael Copa <ncopa@alpinelinux.org> +From: Jakub Jirutka <jakub@jirutka.cz> +Date: Sun, 16 Apr 2017 16:49:00 +0100 +Subject: [PATCH] Enable PIE by default for Alpine Linux + +Alpine Linux uses PIE by default. + +--- a/lib/Driver/ToolChains.cpp ++++ b/lib/Driver/ToolChains.cpp +@@ -4721,7 +4721,10 @@ + } + } + +-bool Linux::isPIEDefault() const { return getSanitizerArgs().requiresPIE(); } ++bool Linux::isPIEDefault() const { ++ return getSanitizerArgs().requiresPIE() || ++ Linux::getTriple().getVendorName().compare("alpine") == 0; ++} + + SanitizerMask Linux::getSupportedSanitizers() const { + const bool IsX86 = getTriple().getArch() == llvm::Triple::x86; +--- a/lib/Driver/Tools.cpp ++++ b/lib/Driver/Tools.cpp +@@ -9258,7 +9258,9 @@ + if (!D.SysRoot.empty()) + CmdArgs.push_back(Args.MakeArgString("--sysroot=" + D.SysRoot)); + +- if (IsPIE) ++ if (Args.hasArg(options::OPT_nopie)) ++ CmdArgs.push_back("-nopie"); ++ else if (IsPIE) + CmdArgs.push_back("-pie"); + + CmdArgs.push_back("--eh-frame-hdr"); +--- a/test/Driver/pic.c ++++ b/test/Driver/pic.c +@@ -244,6 +244,18 @@ + // RUN: %clang %s -target i386-pc-openbsd -nopie -### 2>&1 \ + // RUN: | FileCheck %s --check-prefix=CHECK-NOPIE-LD + // ++// On Alpine Linux, we want similar PIE-by-default behavior ++// RUN: %clang -c %s -target x86_64-alpine-linux-musl -### 2>&1 \ ++// RUN: | FileCheck %s --check-prefix=CHECK-PIE2 ++// RUN: %clang -c %s -target i686-alpine-linux-musl -### 2>&1 \ ++// RUN: | FileCheck %s --check-prefix=CHECK-PIE2 ++// RUN: %clang -c %s -target armv6-alpine-linux-musleabihf -### 2>&1 \ ++// RUN: | FileCheck %s --check-prefix=CHECK-PIE2 ++// RUN: %clang -c %s -target armv7-alpine-linux-musleabihf -### 2>&1 \ ++// RUN: | FileCheck %s --check-prefix=CHECK-PIE2 ++// RUN: %clang %s -target x86_64-alpine-linux-musl -nopie -### 2>&1 \ ++// RUN: | FileCheck %s --check-prefix=CHECK-NOPIE-LD ++// + // On Android PIC is enabled by default + // RUN: %clang -c %s -target i686-linux-android -### 2>&1 \ + // RUN: | FileCheck %s --check-prefix=CHECK-PIC2 diff --git a/system/clang/clang-0006-Link-with-z-now-by-default-for-Alpine-Linux.patch b/system/clang/clang-0006-Link-with-z-now-by-default-for-Alpine-Linux.patch new file mode 100644 index 000000000..90de948f6 --- /dev/null +++ b/system/clang/clang-0006-Link-with-z-now-by-default-for-Alpine-Linux.patch @@ -0,0 +1,19 @@ +From: Natanael Copa <ncopa@alpinelinux.org> +From: Jakub Jirutka <jakub@jirutka.cz> +Date: Sun, 16 Apr 2017 16:49:00 +0100 +Subject: [PATCH] Link with -z now by default for Alpine Linux + +--- a/lib/Driver/ToolChains.cpp ++++ b/lib/Driver/ToolChains.cpp +@@ -4116,6 +4116,11 @@ + + Distro Distro(D.getVFS()); + ++ if (Distro.IsAlpineLinux()) { ++ ExtraOpts.push_back("-z"); ++ ExtraOpts.push_back("now"); ++ } ++ + if (Distro.IsOpenSUSE() || Distro.IsUbuntu() || Distro.IsAlpineLinux()) { + ExtraOpts.push_back("-z"); + ExtraOpts.push_back("relro"); diff --git a/system/clang/clang-0007-Enable-stack-protector-by-default-for-alpine-linux.patch b/system/clang/clang-0007-Enable-stack-protector-by-default-for-alpine-linux.patch new file mode 100644 index 000000000..3487799b1 --- /dev/null +++ b/system/clang/clang-0007-Enable-stack-protector-by-default-for-alpine-linux.patch @@ -0,0 +1,54 @@ +From: Natanael Copa <ncopa@alpinelinux.org> +From: Jakub Jirutka <jakub@jirutka.cz> +Date: Sun, 16 Apr 2017 16:49:00 +0100 +Subject: [PATCH] Enable stack protector by default for Alpine Linux + +--- a/lib/Driver/ToolChains.cpp ++++ b/lib/Driver/ToolChains.cpp +@@ -4866,6 +4866,13 @@ + CmdArgs.push_back("-lunwind"); + } + ++unsigned Linux::GetDefaultStackProtectorLevel(bool KernelOrKext) const { ++ StringRef VendorName = Linux::getTriple().getVendorName(); ++ if (VendorName.compare("alpine") == 0) ++ return 2; ++ return 1; ++} ++ + /// DragonFly - DragonFly tool chain which can call as(1) and ld(1) directly. + + DragonFly::DragonFly(const Driver &D, const llvm::Triple &Triple, +--- a/lib/Driver/ToolChains.h ++++ b/lib/Driver/ToolChains.h +@@ -880,6 +880,7 @@ + void AddIAMCUIncludeArgs(const llvm::opt::ArgList &DriverArgs, + llvm::opt::ArgStringList &CC1Args) const override; + bool isPIEDefault() const override; ++ unsigned GetDefaultStackProtectorLevel(bool KernelOrKext) const override; + SanitizerMask getSupportedSanitizers() const override; + void addProfileRTLibs(const llvm::opt::ArgList &Args, + llvm::opt::ArgStringList &CmdArgs) const override; +--- a/test/Driver/stack-protector.c ++++ b/test/Driver/stack-protector.c +@@ -24,6 +24,20 @@ + // SSP-ALL: "-stack-protector" "3" + // SSP-ALL-NOT: "-stack-protector-buffer-size" + ++// RUN: %clang -target x86_64-alpine-linux-musl -### %s 2>&1 | FileCheck %s -check-prefix=ALPINE ++// ALPINE: "-stack-protector" "2" ++ ++// RUN: %clang -target x86_64-alpine-linux-musl -fstack-protector -### %s 2>&1 | FileCheck %s -check-prefix=ALPINE_SPS ++// ALPINE_SPS: "-stack-protector" "2" ++ ++// RUN: %clang -target x86_64-alpine-linux-musl -fstack-protector-all -### %s 2>&1 | FileCheck %s -check-prefix=ALPINE_ALL ++// ALPINE_ALL: "-stack-protector" "3" ++// ALPINE_ALL-NOT: "-stack-protector-buffer-size" ++ ++// RUN: %clang -target x86_64-alpine-linux-musl -fno-stack-protector -### %s 2>&1 | FileCheck %s -check-prefix=ALPINE_NOSSP ++// ALPINE_NOSSP-NOT: "-stack-protector" ++// ALPINE_NOSSP-NOT: "-stack-protector-buffer-size" ++ + // RUN: %clang -target x86_64-scei-ps4 -### %s 2>&1 | FileCheck %s -check-prefix=SSP-PS4 + // RUN: %clang -target x86_64-scei-ps4 -fstack-protector -### %s 2>&1 | FileCheck %s -check-prefix=SSP-PS4 + // SSP-PS4: "-stack-protector" "2" diff --git a/system/consolekit2/0001-busybox-reboot-and-poweroff-support.patch b/system/consolekit2/0001-busybox-reboot-and-poweroff-support.patch new file mode 100644 index 000000000..2db9f032b --- /dev/null +++ b/system/consolekit2/0001-busybox-reboot-and-poweroff-support.patch @@ -0,0 +1,40 @@ +From 5e557dd212657f7e75a0c4bd70d11ca06ccb3f84 Mon Sep 17 00:00:00 2001 +From: Natanael Copa <ncopa@alpinelinux.org> +Date: Mon, 4 Apr 2011 18:46:25 +0000 +Subject: [PATCH] busybox reboot and poweroff support + +--- + tools/linux/ck-system-restart | 3 +++ + tools/linux/ck-system-stop | 3 +++ + 2 files changed, 6 insertions(+), 0 deletions(-) + +diff --git a/tools/linux/ck-system-restart b/tools/linux/ck-system-restart +index 8e0664e..5cabb3d 100755 +--- a/tools/linux/ck-system-restart ++++ b/tools/linux/ck-system-restart +@@ -7,6 +7,9 @@ if [ -x "/sbin/shutdown" ] ; then + elif [ -x "/usr/sbin/shutdown" ] ; then + /usr/sbin/shutdown -r now + exit $? ++elif [ -x "/sbin/reboot" ]; then ++ /sbin/reboot ++ exit $? + else + exit 1 + fi +diff --git a/tools/linux/ck-system-stop b/tools/linux/ck-system-stop +index e26bca3..a0be3ac 100755 +--- a/tools/linux/ck-system-stop ++++ b/tools/linux/ck-system-stop +@@ -7,6 +7,9 @@ if [ -x "/sbin/shutdown" ] ; then + elif [ -x "/usr/sbin/shutdown" ] ; then + /usr/sbin/shutdown -h now + exit $? ++elif [ -x "/sbin/poweroff" ] ; then ++ /sbin/poweroff ++ exit $? + else + exit 1 + fi +-- +1.7.4.2 diff --git a/system/consolekit2/APKBUILD b/system/consolekit2/APKBUILD new file mode 100644 index 000000000..3273092ed --- /dev/null +++ b/system/consolekit2/APKBUILD @@ -0,0 +1,63 @@ +# Contributor: Bart Ribbers <bribbers@disroot.org> +# Maintainer: Bart Ribbers <bribbers@disroot.org> +pkgbase=ConsoleKit2 +pkgname=consolekit2 +pkgver=1.2.0 +pkgrel=6 +pkgdesc="A framework for defining and tracking users, login sessions, and seats" +provides="consolekit=$pkgver" +replaces=consolekit +arch=all +url="https://consolekit2.github.io/ConsoleKit2" +license=GPL2 +depends="polkit eudev" +makedepends="git automake autoconf gettext-dev glib-dev zlib-dev libxslt-dev + polkit-dev eudev-dev libdrm-dev libnih-dev libtool linux-pam-dev + xorg-server-dev acl-dev xmlto docbook-xml libevdev-dev" +checkdepends="libxml2-utils" +source="$pkgname-$pkgver.tar.gz::https://github.com/${pkgname}/${pkgname}/archive/${pkgver}.tar.gz + consolekit2.initd + ac_disable_static.patch + 0001-busybox-reboot-and-poweroff-support.patch + add-listseats.patch + pam-foreground-compat.ck" +subpackages="$pkgname-dev $pkgname-doc $pkgname-lang $pkgname-openrc" +builddir="$srcdir"/$pkgbase-$pkgver + +prepare() { + default_prepare + + cd "$builddir" + + NOCONFIGURE=1 ./autogen.sh +} + +build() { + cd "$builddir" + XMLTO_FLAGS='--skip-validation' ./configure \ + --prefix=/usr --sysconfdir=/etc --localstatedir=/var \ + --disable-static --enable-pam-module --enable-udev-acl \ + --enable-tests --enable-docbook-docs --enable-polkit + sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool + make +} + +check() { + cd "$builddir" + make check +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install + install -m 755 "$srcdir"/pam-foreground-compat.ck \ + "$pkgdir"/usr/lib/ConsoleKit/run-session.d/ + install -D -m755 "$srcdir"/consolekit2.initd \ + "$pkgdir"/etc/init.d/consolekit +} +sha512sums="30f2ceec14044669f40676e9b17513874350e2b70f0a918be934f7e64309c8595dbec4ac0937044c98dda51eb97c99443dc9d1de33f08365d72da8600296ad78 consolekit2-1.2.0.tar.gz +8c16c452707475bdd4a50d3ade367d52ad92a6560be48b4e21e5b5eadef6e56c39d3d03d3a64f9b45a59eca50179cf5aa9c11978904d5d101db7498fb9bc0339 consolekit2.initd +0f628fd1589b1790ad9adcb2278de504b75cc6b4ec7284a1cbda44ebd34b9966014989f47f343cb936d8503acc4eeec43ddff07cb11f55388e47256b8420e2e8 ac_disable_static.patch +ec0c88e640afac0561c84131d63fa8c9e2e29611b789ae5c163cd11465b22017602d88dc853866624f57bce2ee466ab63af075d083a9ba6e87327ad8d0a0769f 0001-busybox-reboot-and-poweroff-support.patch +c2adfad3f7f6d5f880e0b7e7ed99f62bd7f2bd510492bba5634f0b2391bacd43cb3246a072400392c508d42acdba114cb920f5d498b0c4339d86cf19f691b6fa add-listseats.patch +3b114fbbe74cfba0bfd4dad0eb1b85d08b4979a998980c1cbcd7f44b8a16b0ceca224680d4f4a1644cd24698f8817e5e8bdfcdc4ead87a122d0e323142f47910 pam-foreground-compat.ck" diff --git a/system/consolekit2/ac_disable_static.patch b/system/consolekit2/ac_disable_static.patch new file mode 100644 index 000000000..38d6f12ac --- /dev/null +++ b/system/consolekit2/ac_disable_static.patch @@ -0,0 +1,13 @@ +diff --git a/configure.ac b/configure.ac +index 071a0d8..7469697 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -30,7 +30,6 @@ AC_SEARCH_LIBS([strerror],[cposix]) + AC_PROG_CC + AM_PROG_CC_C_O + AC_HEADER_STDC +-AC_DISABLE_STATIC +-LT_INIT ++LT_INIT([disable-static]) + AC_HEADER_STDC + AC_FUNC_FORK diff --git a/system/consolekit2/add-listseats.patch b/system/consolekit2/add-listseats.patch new file mode 100644 index 000000000..44bc034c8 --- /dev/null +++ b/system/consolekit2/add-listseats.patch @@ -0,0 +1,100 @@ +diff --git a/data/ConsoleKit.conf b/data/ConsoleKit.conf +index 6c10476..216a0e9 100644 +--- a/data/ConsoleKit.conf ++++ b/data/ConsoleKit.conf +@@ -80,6 +80,9 @@ + send_member="CloseSession"/> + <allow send_destination="org.freedesktop.ConsoleKit" + send_interface="org.freedesktop.ConsoleKit.Manager" ++ send_member="ListSeats"/> ++ <allow send_destination="org.freedesktop.ConsoleKit" ++ send_interface="org.freedesktop.ConsoleKit.Manager" + send_member="GetSeats"/> + <allow send_destination="org.freedesktop.ConsoleKit" + send_interface="org.freedesktop.ConsoleKit.Manager" +diff --git a/src/ck-manager.c b/src/ck-manager.c +index 4722bdb..7d8b8b2 100644 +--- a/src/ck-manager.c ++++ b/src/ck-manager.c +@@ -3841,6 +3841,44 @@ dbus_unlock_session (ConsoleKitManager *ckmanager, + } + + static gboolean ++dbus_list_seats (ConsoleKitManager *ckmanager, ++ GDBusMethodInvocation *context) ++{ ++ CkManager *manager; ++ GVariantBuilder seat_builder; ++ GVariant *seat; ++ GHashTableIter seat_iter; ++ const gchar *key; ++ CkSeat *value; ++ ++ TRACE (); ++ ++ manager = CK_MANAGER (ckmanager); ++ ++ g_return_val_if_fail (CK_IS_MANAGER (manager), FALSE); ++ ++ /* if we don't have seats, we need to return NULL */ ++ if (g_hash_table_size (manager->priv->seats) == 0) { ++ throw_error (context, CK_MANAGER_ERROR_NO_SEATS, _("User has no seats")); ++ return TRUE; ++ } ++ ++ g_variant_builder_init (&seat_builder, G_VARIANT_TYPE_ARRAY); ++ ++ g_hash_table_iter_init (&seat_iter, manager->priv->seats); ++ while (g_hash_table_iter_next (&seat_iter, &key, &value)) { ++ seat = g_variant_new("(so)", ++ console_kit_seat_get_name( CONSOLE_KIT_SEAT(value) ), ++ key); ++ ++ g_variant_builder_add_value (&seat_builder, seat); ++ } ++ ++ console_kit_manager_complete_list_seats (ckmanager, context, g_variant_builder_end (&seat_builder)); ++ return TRUE; ++} ++ ++static gboolean + dbus_get_seats (ConsoleKitManager *ckmanager, + GDBusMethodInvocation *context) + { +@@ -4134,6 +4172,7 @@ ck_manager_iface_init (ConsoleKitManagerIface *iface) + iface->handle_stop = dbus_stop; + iface->handle_suspend = dbus_suspend; + iface->handle_close_session = dbus_close_session; ++ iface->handle_list_seats = dbus_list_seats; + iface->handle_get_seats = dbus_get_seats; + iface->handle_get_sessions = dbus_get_sessions; + iface->handle_get_sessions_for_unix_user = dbus_get_sessions_for_unix_user; +diff --git a/src/org.freedesktop.ConsoleKit.Manager.xml b/src/org.freedesktop.ConsoleKit.Manager.xml +index a44880c..024a3e2 100644 +--- a/src/org.freedesktop.ConsoleKit.Manager.xml ++++ b/src/org.freedesktop.ConsoleKit.Manager.xml +@@ -531,6 +531,24 @@ + </doc:doc> + </method> + ++ <method name="ListSeats"> ++ <arg name="seats" direction="out" type="a(so)"> ++ <doc:doc> ++ <doc:summary>an array of seat names and IDs</doc:summary> ++ </doc:doc> ++ </arg> ++ <doc:doc> ++ <doc:description> ++ <doc:para>Retrieves a list of all <doc:ref type="interface" to="Seat">Seats</doc:ref> ++ that are present on the system.</doc:para> ++ <doc:para>Like the logind method of the same name, this returns both the seat's name ++ (such as "seat0") and the D-Bus object path for the seat object that implements the ++ <doc:ref type="interface" to="Seat">Seat</doc:ref> interface.</doc:para> ++ </doc:description> ++ <doc:seealso><doc:ref type="method" to="Manager.GetSeats">GetSeats()</doc:ref></doc:seealso> ++ </doc:doc> ++ </method> ++ + <method name="GetSeats"> + <arg name="seats" direction="out" type="ao"> + <doc:doc> diff --git a/system/consolekit2/consolekit2.initd b/system/consolekit2/consolekit2.initd new file mode 100644 index 000000000..697eea8f9 --- /dev/null +++ b/system/consolekit2/consolekit2.initd @@ -0,0 +1,9 @@ +#!/sbin/openrc-run + +description="Tracks sessions and seats" +pidfile="/var/run/ConsoleKit/pid" +command="/usr/sbin/console-kit-daemon" + +depend() { + need dbus +} diff --git a/system/consolekit2/pam-foreground-compat.ck b/system/consolekit2/pam-foreground-compat.ck new file mode 100644 index 000000000..c9255503c --- /dev/null +++ b/system/consolekit2/pam-foreground-compat.ck @@ -0,0 +1,17 @@ +#!/bin/sh +TAGDIR=/var/run/console + +[ -n "$CK_SESSION_USER_UID" ] || exit 1 +[ "$CK_SESSION_IS_LOCAL" = "true" ] || exit 0 + +TAGFILE="$TAGDIR/`getent passwd $CK_SESSION_USER_UID | cut -f 1 -d:`" + +if [ "$1" = "session_added" ]; then + mkdir -p "$TAGDIR" + echo "$CK_SESSION_ID" >> "$TAGFILE" +fi + +if [ "$1" = "session_removed" ] && [ -e "$TAGFILE" ]; then + sed -i "\%^$CK_SESSION_ID\$%d" "$TAGFILE" + [ -s "$TAGFILE" ] || rm -f "$TAGFILE" +fi diff --git a/system/cups/APKBUILD b/system/cups/APKBUILD new file mode 100644 index 000000000..ebe30a0c7 --- /dev/null +++ b/system/cups/APKBUILD @@ -0,0 +1,135 @@ +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=cups +pkgver=2.2.5 +pkgrel=0 +pkgdesc="The CUPS Printing System" +url="http://www.cups.org/" +arch="all" +license="GPL LGPL2+" +# cupsUTF8ToCharset(CUPS_EUC_JP) of utfdemo.txt: FAIL (UTF-8 to EUC-JP on line 1) +options="!check" +subpackages="$pkgname-dev $pkgname-doc $pkgname-libs ipptool $pkgname-client + $pkgname-lang $pkgname-openrc" +depends_dev="openssl-dev zlib-dev" +makedepends="$depends_dev libpaper-dev dbus-dev libjpeg-turbo-dev linux-headers + gnutls-dev" +depends="cups-client poppler-utils openssl dbus" +install="cups.pre-install" +pkggroups="lp lpadmin" +pkgusers="lp" +source="https://github.com/apple/cups/releases/download/v$pkgver/cups-$pkgver-source.tar.gz + $pkgname.logrotate + cupsd.initd + cups-no-export-ssllibs.patch + default-config-no-gssapi.patch + " +builddir="$srcdir/$pkgname-$pkgver" + +build() { + cd "$builddir" + + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --libdir=/usr/lib \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --with-logdir=/var/log/cups \ + --with-docdir=/usr/share/cups \ + --with-rundir=/run/cups \ + --with-cupsd-file-perm=0755 \ + --with-cups-user=lp \ + --with-cups-group=lp \ + --with-system-groups=lpadmin \ + --with-domainsocket=/run/cups/cups.sock \ + --without-rcdir \ + --without-php \ + --enable-pam \ + --enable-raw-printing \ + --enable-dbus \ + --with-dbusdir=/etc/dbus-1 \ + --enable-libpaper \ + --enable-ssl=yes \ + --enable-gnutls \ + --disable-launchd \ + --with-optim="$CFLAGS" + make +} + +check() { + cd "$builddir" + make check +} + +package() { + cd "$builddir" + + make BUILDROOT="$pkgdir" install + + cd "$pkgdir" + + # These no longer works since CUPS >= 1.6 (http://www.cups.org/str.php?L4120). + rm -rf usr/share/cups/banners/* \ + usr/share/cups/data/testprint + + install -D -m 644 "$srcdir"/cups.logrotate etc/logrotate.d/cups + install -D -m 755 "$srcdir"/cupsd.initd etc/init.d/cupsd + + if [ -e usr/share/applications/cups.desktop ] ; then + sed -i 's|^Exec=htmlview http://localhost:631/|Exec=xdg-open http://localhost:631/|g' \ + usr/share/applications/cups.desktop + fi + find usr/share/cups/model -name "*.ppd" | xargs gzip -n9f +} + +libs() { + pkgdesc="CUPS libraries" + depends="" + replaces="libcups" + + cd "$pkgdir" + _mv usr/lib/*.so* + install -d "$pkgdir"/etc/cups +} + +ipptool() { + pkgdesc="Perform internet printing protocol requests" + depends="" + + cd "$pkgdir" + _mv usr/bin/ipptool \ + usr/share/cups/ipptool +} + +client() { + pkgdesc="CUPS command-line client programs" + depends="" + + cd "$pkgdir" + _mv usr/bin \ + usr/sbin/accept \ + usr/sbin/cupsaccept \ + usr/sbin/cupsaddsmb \ + usr/sbin/cupsctl \ + usr/sbin/cupsdisable \ + usr/sbin/cupsenable \ + usr/sbin/lpadmin \ + usr/sbin/lpc \ + usr/sbin/lpinfo \ + usr/sbin/lpmove \ + usr/sbin/reject +} + +_mv() { + local i; for i in "$@"; do + mkdir -p "$subpkgdir"/${i%/*} + mv "$pkgdir"/$i "$subpkgdir"/${i%/*}/ + done +} + +sha512sums="5c824e74e2679de360ff1f95aa74013ca2d6a88d11d18041e7a5b51746c2a21bbc10da785791ea4e40d316167560982466789767018bd02676cf810ad0c3a5c9 cups-2.2.5-source.tar.gz +cf64211da59e79285f99d437c02fdd7db462855fb2920ec9563ba47bd8a9e5cbd10555094940ceedeb41ac805c4f0ddb9147481470112a11a76220d0298aef79 cups.logrotate +2c2683f755a220166b3a1653fdd1a6daa9718c8f0bbdff2e2d5e61d1133306260d63a83d3ff41619b5cf84c4913fae5822b79553e2822858f38fa3613f4c7082 cupsd.initd +7a8cd9ac33b0dd4627c72df4275db8ccd7cf8e201bce3833719b42f532f526bb347b842e3ea1ef0d61855b5c6e1088b5d20b68942f2c2c0acf504d8d9728efd3 cups-no-export-ssllibs.patch +98bb97f4af69ea286fc3d398b8e57c32440e6b2d49fb7f79b418a4fe7f13441f3a610f65d3433d10d971ade808233c0b29b4d66160623ccaae919179384be918 default-config-no-gssapi.patch" diff --git a/system/cups/cups-no-export-ssllibs.patch b/system/cups/cups-no-export-ssllibs.patch new file mode 100644 index 000000000..e227bd182 --- /dev/null +++ b/system/cups/cups-no-export-ssllibs.patch @@ -0,0 +1,12 @@ +diff -up cups-1.5b1/config-scripts/cups-ssl.m4.no-export-ssllibs cups-1.5b1/config-scripts/cups-ssl.m4 +--- cups-1.6.2/config-scripts/cups-ssl.m4.no-export-ssllibs 2011-05-11 02:52:08.000000000 +0200 ++++ cups-1.6.2/config-scripts/cups-ssl.m4 2011-05-23 17:47:27.000000000 +0200 +@@ -180,7 +180,7 @@ + AC_SUBST(SSLFLAGS) + AC_SUBST(SSLLIBS) + +-EXPORT_SSLLIBS="$SSLLIBS" ++EXPORT_SSLLIBS="" + AC_SUBST(EXPORT_SSLLIBS) + + dnl diff --git a/system/cups/cups.logrotate b/system/cups/cups.logrotate new file mode 100644 index 000000000..a50b058a3 --- /dev/null +++ b/system/cups/cups.logrotate @@ -0,0 +1,8 @@ +/var/log/cups/*log { + missingok + notifempty + delaycompress + postrotate + /etc/init.d/cupsd --quiet --ifstarted reload + endscript +} diff --git a/system/cups/cups.pre-install b/system/cups/cups.pre-install new file mode 100644 index 000000000..cdb75cac5 --- /dev/null +++ b/system/cups/cups.pre-install @@ -0,0 +1,8 @@ +#!/bin/sh + +addgroup -S lpadmin 2>/dev/null +addgroup -S lp 2>/dev/null +adduser -S -G lp -g lp lp 2>/dev/null +addgroup lp lp 2>/dev/null + +exit 0 diff --git a/system/cups/cupsd.initd b/system/cups/cupsd.initd new file mode 100644 index 000000000..ff0998784 --- /dev/null +++ b/system/cups/cupsd.initd @@ -0,0 +1,44 @@ +#!/sbin/openrc-run + +name="CUPS" + +extra_commands="checkconfig" +extra_started_commands="reload" + +description_checkconfig="Test the configuration file" +description_reload="Reload" + +: ${cfgfile:="/etc/cups/cupsd.conf"} + +command="/usr/sbin/cupsd" +command_args="-f -c $cfgfile" +command_background="yes" + +pidfile="/run/cups/$RC_SVCNAME.pid" + +depend() { + use net + before nfs + need dbus + after logger +} + +checkconfig() { + $command $command_args -t >/dev/null 2>&1 \ + || $command $command_args -t +} + +start_pre() { + checkconfig || return 1 + + checkpath -q -d -m 0775 -o root:lp /var/cache/cups + checkpath -q -d -m 0775 -o root:lp /var/cache/cups/rss + checkpath -q -d -m 0755 -o root:lp /run/cups + checkpath -q -d -m 0511 -o lp:lpadmin /run/cups/certs +} + +reload() { + ebegin "Reloading $name" + start-stop-daemon --signal HUP --pidfile "$pidfile" + eend $? +} diff --git a/system/cups/default-config-no-gssapi.patch b/system/cups/default-config-no-gssapi.patch new file mode 100644 index 000000000..b12c55ddf --- /dev/null +++ b/system/cups/default-config-no-gssapi.patch @@ -0,0 +1,26 @@ +--- a/conf/cupsd.conf.in ++++ b/conf/cupsd.conf.in +@@ -145,12 +145,12 @@ + + # Job-related operations must be done by the owner or an administrator... + <Limit Create-Job Print-Job Print-URI Validate-Job> +- AuthType Negotiate ++ AuthType Default + Order deny,allow + </Limit> + + <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document> +- AuthType Negotiate ++ AuthType Default + Require user @OWNER @SYSTEM + Order deny,allow + </Limit> +@@ -171,7 +171,7 @@ + + # Only the owner or an administrator can cancel or authenticate a job... + <Limit Cancel-Job CUPS-Authenticate-Job> +- AuthType Negotiate ++ AuthType Default + Require user @OWNER @CUPS_DEFAULT_PRINTOPERATOR_AUTH@ + Order deny,allow + </Limit> diff --git a/system/dash/APKBUILD b/system/dash/APKBUILD new file mode 100644 index 000000000..f22c6c8eb --- /dev/null +++ b/system/dash/APKBUILD @@ -0,0 +1,44 @@ +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=dash +pkgver=0.5.9.1 +pkgrel=1 +pkgdesc="Small and fast POSIX-compliant shell" +url="http://gondor.apana.org.au/~herbert/dash/" +arch="all" +license="GPL-2.0+" +subpackages="$pkgname-binsh::noarch $pkgname-doc" +source="http://gondor.apana.org.au/~herbert/$pkgname/files/$pkgname-$pkgver.tar.gz" + +build() { + cd "$builddir" + + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/ \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + --localstatedir=/var + make +} + +check() { + cd "$builddir" + make check + ./src/dash -c 'echo ok' +} + +package() { + cd "$builddir" + + make DESTDIR="$pkgdir" install +} + +binsh() { + pkgdesc="Use dash as /bin/sh" + provides="/bin/sh" + mkdir -p "$subpkgdir"/bin + ln -s dash "$subpkgdir"/bin/sh +} + +sha512sums="d56a043b8fab4693d3f70cceb531c37174e7ded4acd5549e53048d7ce29125ff21d7e758f51a4a73e06250d051e246467039989275838c19a2579edea3f72b7d dash-0.5.9.1.tar.gz" diff --git a/system/easy-kernel/APKBUILD b/system/easy-kernel/APKBUILD index 75b891551..bfe1f5cbe 100644 --- a/system/easy-kernel/APKBUILD +++ b/system/easy-kernel/APKBUILD @@ -1,17 +1,20 @@ # Contributor: A. Wilcox <awilfox@adelielinux.org> # Maintainer: A. Wilcox <awilfox@adelielinux.org> -pkgname=easy-kernel -pkgver=4.14.8 -pkgrel=2 +_pkgname=easy-kernel +pkgver=4.14.19 +pkgrel=4 +pkgname=$_pkgname-$pkgver-mc$pkgrel pkgdesc="The Linux kernel, packaged for your convenience" url="https://kernel.org/" arch="all" -options="!check !dbg !strip" +options="!check !dbg !strip !tracedeps" license="GPL-2.0" depends="" -makedepends="lzop openssl-dev" +makedepends="bc gzip lzop openssl-dev xz" install="" -subpackages="$pkgname-modules" +provides="easy-kernel=$pkgver-r$pkgrel" +subpackages="$_pkgname-modules-$pkgver-mc$pkgrel:modules + $_pkgname-src-$pkgver-mc$pkgrel:src" source="https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.xz https://mirrormaster.adelielinux.org/source/linux-4.14-mc$pkgrel.patch.xz config-ppc64 @@ -42,22 +45,43 @@ package() { make INSTALL_PATH="$pkgdir"/boot \ INSTALL_MOD_PATH="$pkgdir" \ install modules_install + + if [ -f "$pkgdir"/boot/vmlinuz ]; then + mv "$pkgdir"/boot/vmlinuz \ + "$pkgdir"/boot/vmlinuz-$pkgver-mc$pkgrel-easy + fi + if [ -f "$pkgdir"/boot/vmlinux ]; then + mv "$pkgdir"/boot/vmlinux \ + "$pkgdir"/boot/vmlinux-$pkgver-mc$pkgrel-easy + fi + + install -D "$builddir"/include/config/kernel.release \ + "$pkgdir"/usr/share/kernel/easy-$pkgver-mc$pkgrel/kernel.release } modules() { pkgdesc="Modules / device drivers for easy-kernel" + provides="easy-kernel-modules=$pkgver-r$pkgrel" + autodeps=0 # modules should not depend on src just for symlink mkdir -p "$subpkgdir"/lib mv "$pkgdir"/lib/modules "$subpkgdir"/lib/ + rm "$subpkgdir"/lib/modules/$pkgver-mc$pkgrel-easy/build + rm "$subpkgdir"/lib/modules/$pkgver-mc$pkgrel-easy/source + ln -s "../../../usr/src/linux-$pkgver-mc$pkgrel" \ + "$subpkgdir"/lib/modules/$pkgver-mc$pkgrel-easy/build + ln -s "../../../usr/src/linux-$pkgver-mc$pkgrel" \ + "$subpkgdir"/lib/modules/$pkgver-mc$pkgrel-easy/source } src() { - pkgdesc="Kernel source code used to build THIS kernel" + pkgdesc="Kernel source code used to build the kernel" + provides="easy-kernel-src=$pkgver-r$pkgrel" mkdir -p "$subpkgdir"/usr/src - mv "$srcdir"/linux-src "$subpkgdir"/usr/src/linux + mv "$srcdir"/linux-src "$subpkgdir"/usr/src/linux-$pkgver-mc$pkgrel } sha512sums="77e43a02d766c3d73b7e25c4aafb2e931d6b16e870510c22cef0cdb05c3acb7952b8908ebad12b10ef982c6efbe286364b1544586e715cf38390e483927904d8 linux-4.14.tar.xz -ea893dbb34129691d766cd2a80319448a99d022474878147cc90da4bf7364f747e1d2a68bc5cd70e701bccb5f5ba48d628678cd4d95afbdb9b0c128137e1c437 linux-4.14-mc2.patch.xz -15513dd39075d5b3b27adc193995ffef9d0bad2a5b128f04f8952b0b056a97e15a143f2f3b06de1c6eaa56e6034f28c528aa69786563e2bda6bf35e3182acfaa config-ppc64 -4580119dbbb8abb7cf3d433deee76264bc772f7710e75850483181f3d82e58a12e9045c663ae46a4f8633357790a8776d04826ae1f3954c556fa32ff9dade31f config-ppc -4fdfbbd63b0f6dc1f9988c752d2bfaa51038d1d6f3f9bdf968809acce50c047ad5a82734ab8d37e57008ff43f483b5734cbefa85c564fda25eccdb867e5949b8 config-x86_64 -34baf5fb4a75bd9aa196313fa38ccf7d591b581d47a61be50b61e88ddaecf0f25992f1579e6fe73c73e1e6b11d7beabf05e6d778cc0de09b048252bedc271bc2 config-pmmx" +e75d81ff5844106d780f81423fb45de47dfcfad52bd1870e590633ca0d8ca453c710543471b2fac862f1cfe39884b206afe8fb25688fb9acb7584e1cc315ba5b linux-4.14-mc4.patch.xz +9308029118547be983e3e510ede93e8277c3343f3c6828dfd39c8029341fe099b7cc7338d7603d21a3a69a6c1dd749889ea65ea9f5a94a3fae3e59f76ef33a98 config-ppc64 +419dd30c2d2592293e7b6889a397784fed84a1f686c0d2d262177be98bcb022a9eab4f77c930866fbc8651fcec0a06a12fb796b85591b28f0b9852904347e44a config-ppc +b89282bacff4d90337eaff02dc6f8122b91b54e8606c667ba3478036268e21477e0bbc98f68f8b5d1a750c8cf9ae82cf3c7be2344c1ddb9f108518cf17984690 config-x86_64 +77fe0ae34512cfe4487f4f03cff4b1ea413f1fb40cb9528af6e670c258b6a268d5741b229b4aeeef70e62602813b47e99f59b111acaf82334be3d860d27b5360 config-pmmx" diff --git a/system/easy-kernel/config-pmmx b/system/easy-kernel/config-pmmx index 317e04714..21f56d985 100644 --- a/system/easy-kernel/config-pmmx +++ b/system/easy-kernel/config-pmmx @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.14.4-mc1 Kernel Configuration +# Linux/x86 4.14.19-mc4 Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -109,7 +109,6 @@ CONFIG_TICK_ONESHOT=y CONFIG_NO_HZ_COMMON=y # CONFIG_HZ_PERIODIC is not set CONFIG_NO_HZ_IDLE=y -# CONFIG_NO_HZ_FULL is not set # CONFIG_NO_HZ is not set CONFIG_HIGH_RES_TIMERS=y @@ -117,7 +116,6 @@ CONFIG_HIGH_RES_TIMERS=y # CPU/Task time and stats accounting # CONFIG_TICK_CPU_ACCOUNTING=y -# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set # CONFIG_IRQ_TIME_ACCOUNTING is not set CONFIG_BSD_PROCESS_ACCT=y CONFIG_BSD_PROCESS_ACCT_V3=y @@ -307,6 +305,7 @@ CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y CONFIG_STRICT_KERNEL_RWX=y CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y CONFIG_STRICT_MODULE_RWX=y +CONFIG_ARCH_HAS_REFCOUNT=y CONFIG_REFCOUNT_FULL=y # @@ -417,6 +416,7 @@ CONFIG_X86_FAST_FEATURE_TESTS=y CONFIG_X86_MPPARSE=y CONFIG_X86_BIGSMP=y # CONFIG_GOLDFISH is not set +CONFIG_RETPOLINE=y # CONFIG_INTEL_RDT is not set CONFIG_X86_EXTENDED_PLATFORM=y # CONFIG_X86_GOLDFISH is not set @@ -469,7 +469,6 @@ CONFIG_M586MMX=y # CONFIG_MCYRIXIII is not set # CONFIG_MVIAC3_2 is not set # CONFIG_MVIAC7 is not set -# CONFIG_MPSC is not set # CONFIG_MATOM is not set # CONFIG_MCORE2 is not set # CONFIG_MNEHALEM is not set @@ -480,7 +479,6 @@ CONFIG_M586MMX=y # CONFIG_MHASWELL is not set # CONFIG_MBROADWELL is not set # CONFIG_MSKYLAKE is not set -# CONFIG_GENERIC_CPU is not set # CONFIG_MNATIVE is not set CONFIG_X86_GENERIC=y CONFIG_X86_INTERNODE_CACHE_SHIFT=6 @@ -628,9 +626,6 @@ CONFIG_HOTPLUG_CPU=y # CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set # CONFIG_DEBUG_HOTPLUG_CPU0 is not set # CONFIG_COMPAT_VDSO is not set -# CONFIG_LEGACY_VSYSCALL_NATIVE is not set -# CONFIG_LEGACY_VSYSCALL_EMULATE is not set -# CONFIG_LEGACY_VSYSCALL_NONE is not set # CONFIG_CMDLINE_BOOL is not set CONFIG_MODIFY_LDT_SYSCALL=y CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y @@ -871,7 +866,6 @@ CONFIG_TCIC=m CONFIG_PCMCIA_PROBE=y CONFIG_PCCARD_NONSTATIC=y # CONFIG_RAPIDIO is not set -CONFIG_X86_SYSFB=y # # Executable file formats / Emulations @@ -1409,6 +1403,7 @@ CONFIG_DEV_COREDUMP=y # CONFIG_SYS_HYPERVISOR is not set # CONFIG_GENERIC_CPU_DEVICES is not set CONFIG_GENERIC_CPU_AUTOPROBE=y +CONFIG_GENERIC_CPU_VULNERABILITIES=y CONFIG_REGMAP=y CONFIG_REGMAP_I2C=m CONFIG_REGMAP_MMIO=y @@ -5874,8 +5869,7 @@ CONFIG_IO_DELAY_0X80=y CONFIG_DEFAULT_IO_DELAY_TYPE=0 # CONFIG_OPTIMIZE_INLINING is not set # CONFIG_PUNIT_ATOM_DEBUG is not set -CONFIG_FRAME_POINTER_UNWINDER=y -# CONFIG_ORC_UNWINDER is not set +CONFIG_UNWINDER_FRAME_POINTER=y # # Security options @@ -5941,6 +5935,7 @@ CONFIG_CRYPTO_RNG_DEFAULT=y CONFIG_CRYPTO_AKCIPHER2=y CONFIG_CRYPTO_AKCIPHER=y CONFIG_CRYPTO_KPP2=y +CONFIG_CRYPTO_KPP=m CONFIG_CRYPTO_ACOMP2=y CONFIG_CRYPTO_RSA=y # CONFIG_CRYPTO_DH is not set diff --git a/system/easy-kernel/config-ppc b/system/easy-kernel/config-ppc index ac3d41e82..371a4de1a 100644 --- a/system/easy-kernel/config-ppc +++ b/system/easy-kernel/config-ppc @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/powerpc 4.14.8-mc2 Kernel Configuration +# Linux/powerpc 4.14.12-mc3 Kernel Configuration # # CONFIG_PPC64 is not set @@ -132,7 +132,10 @@ CONFIG_VIRT_CPU_ACCOUNTING=y CONFIG_VIRT_CPU_ACCOUNTING_NATIVE=y CONFIG_BSD_PROCESS_ACCT=y CONFIG_BSD_PROCESS_ACCT_V3=y -# CONFIG_TASKSTATS is not set +CONFIG_TASKSTATS=y +CONFIG_TASK_DELAY_ACCT=y +CONFIG_TASK_XACCT=y +CONFIG_TASK_IO_ACCOUNTING=y # # RCU Subsystem @@ -151,13 +154,16 @@ CONFIG_LOG_BUF_SHIFT=14 CONFIG_LOG_CPU_MAX_BUF_SHIFT=12 CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 CONFIG_CGROUPS=y -# CONFIG_MEMCG is not set +CONFIG_PAGE_COUNTER=y +CONFIG_MEMCG=y +# CONFIG_MEMCG_SWAP is not set CONFIG_BLK_CGROUP=y # CONFIG_DEBUG_BLK_CGROUP is not set +CONFIG_CGROUP_WRITEBACK=y CONFIG_CGROUP_SCHED=y CONFIG_CGROUP_PIDS=y -# CONFIG_CGROUP_RDMA is not set -# CONFIG_CGROUP_FREEZER is not set +CONFIG_CGROUP_RDMA=y +CONFIG_CGROUP_FREEZER=y CONFIG_CPUSETS=y CONFIG_PROC_PID_CPUSET=y CONFIG_CGROUP_DEVICE=y @@ -227,6 +233,7 @@ CONFIG_HAVE_PERF_EVENTS=y CONFIG_PERF_EVENTS=y CONFIG_VM_EVENT_COUNTERS=y CONFIG_SLUB_DEBUG=y +# CONFIG_SLUB_MEMCG_SYSFS_ON is not set # CONFIG_COMPAT_BRK is not set # CONFIG_SLAB is not set CONFIG_SLUB=y @@ -4214,7 +4221,9 @@ CONFIG_QUOTACTL=y CONFIG_AUTOFS4_FS=m CONFIG_FUSE_FS=m # CONFIG_CUSE is not set -# CONFIG_OVERLAY_FS is not set +CONFIG_OVERLAY_FS=y +# CONFIG_OVERLAY_FS_REDIRECT_DIR is not set +# CONFIG_OVERLAY_FS_INDEX is not set # # Caches diff --git a/system/easy-kernel/config-ppc64 b/system/easy-kernel/config-ppc64 index d2a2dff3a..5b0319d98 100644 --- a/system/easy-kernel/config-ppc64 +++ b/system/easy-kernel/config-ppc64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/powerpc 4.14.4-mc1 Kernel Configuration +# Linux/powerpc 4.14.12-mc3 Kernel Configuration # CONFIG_PPC64=y @@ -3876,7 +3876,7 @@ CONFIG_HFSPLUS_FS=m # CONFIG_BEFS_FS is not set # CONFIG_BFS_FS is not set # CONFIG_EFS_FS is not set -CONFIG_CRAMFS=y +CONFIG_CRAMFS=m CONFIG_SQUASHFS=y CONFIG_SQUASHFS_FILE_CACHE=y # CONFIG_SQUASHFS_FILE_DIRECT is not set @@ -4304,7 +4304,6 @@ CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y # CONFIG_HARDENED_USERCOPY is not set # CONFIG_FORTIFY_SOURCE is not set # CONFIG_STATIC_USERMODEHELPER is not set -# CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y CONFIG_DEFAULT_SECURITY="" CONFIG_XOR_BLOCKS=m diff --git a/system/easy-kernel/config-x86_64 b/system/easy-kernel/config-x86_64 index ced0bcf04..21205357f 100644 --- a/system/easy-kernel/config-x86_64 +++ b/system/easy-kernel/config-x86_64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.14.8-mc2 Kernel Configuration +# Linux/x86 4.14.19-mc4 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -126,7 +126,8 @@ CONFIG_BSD_PROCESS_ACCT=y CONFIG_BSD_PROCESS_ACCT_V3=y CONFIG_TASKSTATS=y CONFIG_TASK_DELAY_ACCT=y -# CONFIG_TASK_XACCT is not set +CONFIG_TASK_XACCT=y +CONFIG_TASK_IO_ACCOUNTING=y # # RCU Subsystem @@ -163,6 +164,7 @@ CONFIG_CGROUP_FREEZER=y # CONFIG_CPUSETS is not set CONFIG_CGROUP_DEVICE=y CONFIG_CGROUP_PERF=y +# CONFIG_CGROUP_DEBUG is not set CONFIG_SOCK_CGROUP_DATA=y # CONFIG_CHECKPOINT_RESTORE is not set CONFIG_NAMESPACES=y @@ -189,7 +191,7 @@ CONFIG_HAVE_UID16=y CONFIG_SYSCTL_EXCEPTION_TRACE=y CONFIG_HAVE_PCSPKR_PLATFORM=y CONFIG_BPF=y -# CONFIG_EXPERT is not set +CONFIG_EXPERT=y CONFIG_UID16=y CONFIG_MULTIUSER=y CONFIG_SGETMASK_SYSCALL=y @@ -197,6 +199,7 @@ CONFIG_SYSFS_SYSCALL=y # CONFIG_SYSCTL_SYSCALL is not set CONFIG_POSIX_TIMERS=y CONFIG_KALLSYMS=y +# CONFIG_KALLSYMS_ALL is not set CONFIG_KALLSYMS_ABSOLUTE_PERCPU=y CONFIG_KALLSYMS_BASE_RELATIVE=y CONFIG_PRINTK=y @@ -226,12 +229,14 @@ CONFIG_HAVE_PERF_EVENTS=y # Kernel Performance Events And Counters # CONFIG_PERF_EVENTS=y +# CONFIG_DEBUG_PERF_USE_VMALLOC is not set CONFIG_VM_EVENT_COUNTERS=y CONFIG_SLUB_DEBUG=y # CONFIG_SLUB_MEMCG_SYSFS_ON is not set -CONFIG_COMPAT_BRK=y +# CONFIG_COMPAT_BRK is not set # CONFIG_SLAB is not set CONFIG_SLUB=y +# CONFIG_SLOB is not set # CONFIG_SLAB_MERGE_DEFAULT is not set CONFIG_SLAB_FREELIST_RANDOM=y CONFIG_SLAB_FREELIST_HARDENED=y @@ -434,6 +439,7 @@ CONFIG_X86_FAST_FEATURE_TESTS=y # CONFIG_X86_X2APIC is not set CONFIG_X86_MPPARSE=y # CONFIG_GOLDFISH is not set +CONFIG_RETPOLINE=y # CONFIG_INTEL_RDT is not set CONFIG_X86_EXTENDED_PLATFORM=y # CONFIG_X86_VSMP is not set @@ -446,6 +452,7 @@ CONFIG_X86_SUPPORTS_MEMORY_FAILURE=y CONFIG_SCHED_OMIT_FRAME_POINTER=y CONFIG_HYPERVISOR_GUEST=y CONFIG_PARAVIRT=y +# CONFIG_PARAVIRT_DEBUG is not set # CONFIG_PARAVIRT_SPINLOCKS is not set CONFIG_XEN=y CONFIG_XEN_PV=y @@ -491,6 +498,7 @@ CONFIG_X86_CMPXCHG64=y CONFIG_X86_CMOV=y CONFIG_X86_MINIMUM_CPU_FAMILY=64 CONFIG_X86_DEBUGCTLMSR=y +CONFIG_PROCESSOR_SELECT=y CONFIG_CPU_SUP_INTEL=y CONFIG_CPU_SUP_AMD=y CONFIG_CPU_SUP_CENTAUR=y @@ -502,6 +510,7 @@ CONFIG_CALGARY_IOMMU=y CONFIG_CALGARY_IOMMU_ENABLED_BY_DEFAULT=y CONFIG_SWIOTLB=y CONFIG_IOMMU_HELPER=y +# CONFIG_MAXSMP is not set CONFIG_NR_CPUS=64 CONFIG_SCHED_SMT=y CONFIG_SMT_NICE=y @@ -534,7 +543,7 @@ CONFIG_X86_VSYSCALL_EMULATION=y CONFIG_I8K=m CONFIG_MICROCODE=y CONFIG_MICROCODE_INTEL=y -# CONFIG_MICROCODE_AMD is not set +CONFIG_MICROCODE_AMD=y CONFIG_MICROCODE_OLD_INTERFACE=y # CONFIG_X86_MSR is not set CONFIG_X86_CPUID=m @@ -585,6 +594,7 @@ CONFIG_UKSM=y CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y CONFIG_MEMORY_FAILURE=y +# CONFIG_HWPOISON_INJECT is not set CONFIG_TRANSPARENT_HUGEPAGE=y # CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS is not set CONFIG_TRANSPARENT_HUGEPAGE_MADVISE=y @@ -661,6 +671,7 @@ CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y CONFIG_ARCH_HIBERNATION_HEADER=y CONFIG_SUSPEND=y CONFIG_SUSPEND_FREEZER=y +# CONFIG_SUSPEND_SKIP_SYNC is not set CONFIG_HIBERNATE_CALLBACKS=y CONFIG_HIBERNATION=y CONFIG_PM_STD_PARTITION="" @@ -784,6 +795,7 @@ CONFIG_PCI_DIRECT=y # CONFIG_PCI_MMCONFIG is not set CONFIG_PCI_XEN=y CONFIG_PCI_DOMAINS=y +# CONFIG_PCI_CNB20LE_QUIRK is not set CONFIG_PCIEPORTBUS=y # CONFIG_HOTPLUG_PCI_PCIE is not set CONFIG_PCIEAER=y @@ -801,6 +813,7 @@ CONFIG_PCIE_PME=y CONFIG_PCI_BUS_ADDR_T_64BIT=y CONFIG_PCI_MSI=y CONFIG_PCI_MSI_IRQ_DOMAIN=y +# CONFIG_PCI_DEBUG is not set # CONFIG_PCI_REALLOC_ENABLE_AUTO is not set CONFIG_PCI_STUB=m CONFIG_XEN_PCIDEV_FRONTEND=m @@ -837,6 +850,7 @@ CONFIG_VMD=m # PCI switch controller drivers # # CONFIG_PCI_SW_SWITCHTEC is not set +# CONFIG_ISA_BUS is not set CONFIG_ISA_DMA_API=y CONFIG_AMD_NB=y CONFIG_PCCARD=m @@ -857,7 +871,6 @@ CONFIG_PD6729=m CONFIG_I82092=m CONFIG_PCCARD_NONSTATIC=y # CONFIG_RAPIDIO is not set -CONFIG_X86_SYSFB=y # # Executable file formats / Emulations @@ -886,28 +899,37 @@ CONFIG_NET_INGRESS=y # Networking options # CONFIG_PACKET=y -# CONFIG_PACKET_DIAG is not set +CONFIG_PACKET_DIAG=m CONFIG_UNIX=y -# CONFIG_UNIX_DIAG is not set -# CONFIG_TLS is not set +CONFIG_UNIX_DIAG=m +CONFIG_TLS=m CONFIG_XFRM=y CONFIG_XFRM_OFFLOAD=y CONFIG_XFRM_ALGO=m -# CONFIG_XFRM_USER is not set +CONFIG_XFRM_USER=m # CONFIG_XFRM_SUB_POLICY is not set # CONFIG_XFRM_MIGRATE is not set # CONFIG_XFRM_STATISTICS is not set CONFIG_XFRM_IPCOMP=m # CONFIG_NET_KEY is not set CONFIG_INET=y -# CONFIG_IP_MULTICAST is not set -# CONFIG_IP_ADVANCED_ROUTER is not set -# CONFIG_IP_PNP is not set -# CONFIG_NET_IPIP is not set +CONFIG_IP_MULTICAST=y +CONFIG_IP_ADVANCED_ROUTER=y +# CONFIG_IP_FIB_TRIE_STATS is not set +# CONFIG_IP_MULTIPLE_TABLES is not set +# CONFIG_IP_ROUTE_MULTIPATH is not set +# CONFIG_IP_ROUTE_VERBOSE is not set +CONFIG_IP_ROUTE_CLASSID=y +CONFIG_IP_PNP=y +CONFIG_IP_PNP_DHCP=y +CONFIG_IP_PNP_BOOTP=y +# CONFIG_IP_PNP_RARP is not set +CONFIG_NET_IPIP=m # CONFIG_NET_IPGRE_DEMUX is not set CONFIG_NET_IP_TUNNEL=m -# CONFIG_SYN_COOKIES is not set -# CONFIG_NET_IPVTI is not set +# CONFIG_IP_MROUTE is not set +CONFIG_SYN_COOKIES=y +CONFIG_NET_IPVTI=m CONFIG_NET_UDP_TUNNEL=m # CONFIG_NET_FOU is not set # CONFIG_NET_FOU_IP_TUNNELS is not set @@ -922,26 +944,26 @@ CONFIG_INET_XFRM_MODE_TUNNEL=m CONFIG_INET_XFRM_MODE_BEET=m CONFIG_INET_DIAG=y CONFIG_INET_TCP_DIAG=y -# CONFIG_INET_UDP_DIAG is not set -# CONFIG_INET_RAW_DIAG is not set +CONFIG_INET_UDP_DIAG=m +CONFIG_INET_RAW_DIAG=m # CONFIG_INET_DIAG_DESTROY is not set CONFIG_TCP_CONG_ADVANCED=y CONFIG_TCP_CONG_BIC=m CONFIG_TCP_CONG_CUBIC=m CONFIG_TCP_CONG_WESTWOOD=y CONFIG_TCP_CONG_HTCP=m -# CONFIG_TCP_CONG_HSTCP is not set -# CONFIG_TCP_CONG_HYBLA is not set +CONFIG_TCP_CONG_HSTCP=m +CONFIG_TCP_CONG_HYBLA=m CONFIG_TCP_CONG_VEGAS=m -# CONFIG_TCP_CONG_NV is not set -# CONFIG_TCP_CONG_SCALABLE is not set -# CONFIG_TCP_CONG_LP is not set +CONFIG_TCP_CONG_NV=m +CONFIG_TCP_CONG_SCALABLE=m +CONFIG_TCP_CONG_LP=m CONFIG_TCP_CONG_VENO=m -# CONFIG_TCP_CONG_YEAH is not set -# CONFIG_TCP_CONG_ILLINOIS is not set -# CONFIG_TCP_CONG_DCTCP is not set -# CONFIG_TCP_CONG_CDG is not set -# CONFIG_TCP_CONG_BBR is not set +CONFIG_TCP_CONG_YEAH=m +CONFIG_TCP_CONG_ILLINOIS=m +CONFIG_TCP_CONG_DCTCP=m +CONFIG_TCP_CONG_CDG=m +CONFIG_TCP_CONG_BBR=m CONFIG_DEFAULT_WESTWOOD=y # CONFIG_DEFAULT_RENO is not set CONFIG_DEFAULT_TCP_CONG="westwood" @@ -987,11 +1009,12 @@ CONFIG_NETFILTER_NETLINK=m CONFIG_NETFILTER_NETLINK_LOG=m CONFIG_NF_CONNTRACK=m CONFIG_NF_LOG_COMMON=m -# CONFIG_NF_LOG_NETDEV is not set +CONFIG_NF_LOG_NETDEV=m CONFIG_NF_CONNTRACK_PROCFS=y CONFIG_NF_CONNTRACK_FTP=m CONFIG_NF_CONNTRACK_IRC=m -# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set +CONFIG_NF_CONNTRACK_BROADCAST=m +CONFIG_NF_CONNTRACK_NETBIOS_NS=m CONFIG_NF_CONNTRACK_SIP=m CONFIG_NF_CT_NETLINK=m # CONFIG_NETFILTER_NETLINK_GLUE_CT is not set @@ -1002,7 +1025,7 @@ CONFIG_NF_NAT_FTP=m CONFIG_NF_NAT_IRC=m CONFIG_NF_NAT_SIP=m # CONFIG_NF_NAT_TFTP is not set -# CONFIG_NF_NAT_REDIRECT is not set +CONFIG_NF_NAT_REDIRECT=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_INET=m CONFIG_NF_TABLES_NETDEV=m @@ -1026,9 +1049,12 @@ CONFIG_NFT_REJECT=m CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NF_DUP_NETDEV=m CONFIG_NFT_DUP_NETDEV=m CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m CONFIG_NETFILTER_XTABLES=m # @@ -1041,9 +1067,9 @@ CONFIG_NETFILTER_XT_MARK=m # CONFIG_NETFILTER_XT_TARGET_LOG=m CONFIG_NETFILTER_XT_NAT=m -# CONFIG_NETFILTER_XT_TARGET_NETMAP is not set +CONFIG_NETFILTER_XT_TARGET_NETMAP=m CONFIG_NETFILTER_XT_TARGET_NFLOG=m -# CONFIG_NETFILTER_XT_TARGET_REDIRECT is not set +CONFIG_NETFILTER_XT_TARGET_REDIRECT=m CONFIG_NETFILTER_XT_TARGET_TCPMSS=m # @@ -1053,30 +1079,88 @@ CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m CONFIG_NETFILTER_XT_MATCH_POLICY=m CONFIG_NETFILTER_XT_MATCH_STATE=m -# CONFIG_IP_SET is not set -# CONFIG_IP_VS is not set +CONFIG_IP_SET=m +CONFIG_IP_SET_MAX=256 +CONFIG_IP_SET_BITMAP_IP=m +CONFIG_IP_SET_BITMAP_IPMAC=m +CONFIG_IP_SET_BITMAP_PORT=m +CONFIG_IP_SET_HASH_IP=m +CONFIG_IP_SET_HASH_IPMARK=m +CONFIG_IP_SET_HASH_IPPORT=m +CONFIG_IP_SET_HASH_IPPORTIP=m +CONFIG_IP_SET_HASH_IPPORTNET=m +CONFIG_IP_SET_HASH_IPMAC=m +CONFIG_IP_SET_HASH_MAC=m +CONFIG_IP_SET_HASH_NETPORTNET=m +CONFIG_IP_SET_HASH_NET=m +CONFIG_IP_SET_HASH_NETNET=m +CONFIG_IP_SET_HASH_NETPORT=m +CONFIG_IP_SET_HASH_NETIFACE=m +CONFIG_IP_SET_LIST_SET=m +CONFIG_IP_VS=m +CONFIG_IP_VS_IPV6=y +# CONFIG_IP_VS_DEBUG is not set +CONFIG_IP_VS_TAB_BITS=12 + +# +# IPVS transport protocol load balancing support +# +CONFIG_IP_VS_PROTO_TCP=y +CONFIG_IP_VS_PROTO_UDP=y +CONFIG_IP_VS_PROTO_AH_ESP=y +CONFIG_IP_VS_PROTO_ESP=y +CONFIG_IP_VS_PROTO_AH=y +CONFIG_IP_VS_PROTO_SCTP=y + +# +# IPVS scheduler +# +CONFIG_IP_VS_RR=m +CONFIG_IP_VS_WRR=m +CONFIG_IP_VS_LC=m +CONFIG_IP_VS_WLC=m +CONFIG_IP_VS_FO=m +CONFIG_IP_VS_OVF=m +CONFIG_IP_VS_LBLC=m +CONFIG_IP_VS_LBLCR=m +CONFIG_IP_VS_DH=m +CONFIG_IP_VS_SH=m +CONFIG_IP_VS_SED=m +CONFIG_IP_VS_NQ=m + +# +# IPVS SH scheduler +# +CONFIG_IP_VS_SH_TAB_BITS=8 + +# +# IPVS application helper +# +CONFIG_IP_VS_FTP=m +CONFIG_IP_VS_NFCT=y +CONFIG_IP_VS_PE_SIP=m # # IP: Netfilter Configuration # CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_CONNTRACK_IPV4=m -# CONFIG_NF_SOCKET_IPV4 is not set +CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TABLES_IPV4=m -# CONFIG_NFT_CHAIN_ROUTE_IPV4 is not set +CONFIG_NFT_CHAIN_ROUTE_IPV4=m CONFIG_NFT_REJECT_IPV4=m -# CONFIG_NFT_DUP_IPV4 is not set -# CONFIG_NFT_FIB_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set -# CONFIG_NF_DUP_IPV4 is not set +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=m +CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m CONFIG_NF_LOG_IPV4=m CONFIG_NF_REJECT_IPV4=m CONFIG_NF_NAT_IPV4=m -# CONFIG_NFT_CHAIN_NAT_IPV4 is not set +CONFIG_NFT_CHAIN_NAT_IPV4=m CONFIG_NF_NAT_MASQUERADE_IPV4=m -# CONFIG_NFT_MASQ_IPV4 is not set -# CONFIG_NFT_REDIR_IPV4 is not set +CONFIG_NFT_MASQ_IPV4=m +CONFIG_NFT_REDIR_IPV4=m # CONFIG_NF_NAT_PPTP is not set # CONFIG_NF_NAT_H323 is not set CONFIG_IP_NF_IPTABLES=m @@ -1085,20 +1169,20 @@ CONFIG_IP_NF_TARGET_REJECT=m CONFIG_IP_NF_NAT=m CONFIG_IP_NF_TARGET_MASQUERADE=m CONFIG_IP_NF_MANGLE=m -# CONFIG_IP_NF_RAW is not set +CONFIG_IP_NF_RAW=m # # IPv6: Netfilter Configuration # CONFIG_NF_DEFRAG_IPV6=m CONFIG_NF_CONNTRACK_IPV6=m -# CONFIG_NF_SOCKET_IPV6 is not set +CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TABLES_IPV6=m -# CONFIG_NFT_CHAIN_ROUTE_IPV6 is not set +CONFIG_NFT_CHAIN_ROUTE_IPV6=m CONFIG_NFT_REJECT_IPV6=m -# CONFIG_NFT_DUP_IPV6 is not set -# CONFIG_NFT_FIB_IPV6 is not set -# CONFIG_NF_DUP_IPV6 is not set +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m +CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m CONFIG_NF_LOG_IPV6=m CONFIG_IP6_NF_IPTABLES=m @@ -1106,8 +1190,47 @@ CONFIG_IP6_NF_MATCH_IPV6HEADER=m CONFIG_IP6_NF_FILTER=m CONFIG_IP6_NF_TARGET_REJECT=m CONFIG_IP6_NF_MANGLE=m -# CONFIG_IP6_NF_RAW is not set -# CONFIG_IP_DCCP is not set +CONFIG_IP6_NF_RAW=m +CONFIG_NF_TABLES_BRIDGE=m +CONFIG_NFT_BRIDGE_META=m +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m +CONFIG_BRIDGE_NF_EBTABLES=m +CONFIG_BRIDGE_EBT_BROUTE=m +CONFIG_BRIDGE_EBT_T_FILTER=m +CONFIG_BRIDGE_EBT_T_NAT=m +CONFIG_BRIDGE_EBT_802_3=m +CONFIG_BRIDGE_EBT_AMONG=m +CONFIG_BRIDGE_EBT_ARP=m +CONFIG_BRIDGE_EBT_IP=m +CONFIG_BRIDGE_EBT_IP6=m +CONFIG_BRIDGE_EBT_LIMIT=m +CONFIG_BRIDGE_EBT_MARK=m +CONFIG_BRIDGE_EBT_PKTTYPE=m +CONFIG_BRIDGE_EBT_STP=m +CONFIG_BRIDGE_EBT_VLAN=m +CONFIG_BRIDGE_EBT_ARPREPLY=m +CONFIG_BRIDGE_EBT_DNAT=m +CONFIG_BRIDGE_EBT_MARK_T=m +CONFIG_BRIDGE_EBT_REDIRECT=m +CONFIG_BRIDGE_EBT_SNAT=m +CONFIG_BRIDGE_EBT_LOG=m +CONFIG_BRIDGE_EBT_NFLOG=m +CONFIG_IP_DCCP=m +CONFIG_INET_DCCP_DIAG=m + +# +# DCCP CCIDs Configuration +# +# CONFIG_IP_DCCP_CCID2_DEBUG is not set +CONFIG_IP_DCCP_CCID3=y +# CONFIG_IP_DCCP_CCID3_DEBUG is not set +CONFIG_IP_DCCP_TFRC_LIB=y + +# +# DCCP Kernel Hacking +# +# CONFIG_IP_DCCP_DEBUG is not set CONFIG_IP_SCTP=m # CONFIG_SCTP_DBG_OBJCNT is not set CONFIG_SCTP_DEFAULT_COOKIE_HMAC_MD5=y @@ -1116,100 +1239,180 @@ CONFIG_SCTP_DEFAULT_COOKIE_HMAC_MD5=y CONFIG_SCTP_COOKIE_HMAC_MD5=y CONFIG_SCTP_COOKIE_HMAC_SHA1=y CONFIG_INET_SCTP_DIAG=m -# CONFIG_RDS is not set -# CONFIG_TIPC is not set -# CONFIG_ATM is not set +CONFIG_RDS=m +CONFIG_RDS_TCP=m +# CONFIG_RDS_DEBUG is not set +CONFIG_TIPC=m +CONFIG_TIPC_MEDIA_UDP=y +CONFIG_ATM=m +CONFIG_ATM_CLIP=m +# CONFIG_ATM_CLIP_NO_ICMP is not set +CONFIG_ATM_LANE=m +CONFIG_ATM_MPOA=m +CONFIG_ATM_BR2684=m +# CONFIG_ATM_BR2684_IPFILTER is not set CONFIG_L2TP=m -# CONFIG_L2TP_V3 is not set -# CONFIG_BRIDGE is not set +CONFIG_L2TP_V3=y +CONFIG_L2TP_IP=m +CONFIG_L2TP_ETH=m +CONFIG_STP=m +CONFIG_GARP=m +CONFIG_MRP=m +CONFIG_BRIDGE=m +CONFIG_BRIDGE_IGMP_SNOOPING=y +CONFIG_BRIDGE_VLAN_FILTERING=y CONFIG_HAVE_NET_DSA=y -# CONFIG_NET_DSA is not set +CONFIG_NET_DSA=m CONFIG_VLAN_8021Q=m -# CONFIG_VLAN_8021Q_GVRP is not set -# CONFIG_VLAN_8021Q_MVRP is not set -# CONFIG_DECNET is not set +CONFIG_VLAN_8021Q_GVRP=y +CONFIG_VLAN_8021Q_MVRP=y +CONFIG_DECNET=m +CONFIG_DECNET_ROUTER=y CONFIG_LLC=m -# CONFIG_LLC2 is not set -# CONFIG_IPX is not set +CONFIG_LLC2=m +CONFIG_IPX=m +CONFIG_IPX_INTERN=y CONFIG_ATALK=m CONFIG_DEV_APPLETALK=m CONFIG_IPDDP=m -# CONFIG_IPDDP_ENCAP is not set -# CONFIG_X25 is not set -# CONFIG_LAPB is not set -# CONFIG_PHONET is not set -# CONFIG_6LOWPAN is not set -# CONFIG_IEEE802154 is not set +CONFIG_IPDDP_ENCAP=y +CONFIG_X25=m +CONFIG_LAPB=m +CONFIG_PHONET=m +CONFIG_6LOWPAN=m +CONFIG_6LOWPAN_NHC=m +CONFIG_6LOWPAN_NHC_DEST=m +CONFIG_6LOWPAN_NHC_FRAGMENT=m +CONFIG_6LOWPAN_NHC_HOP=m +CONFIG_6LOWPAN_NHC_IPV6=m +CONFIG_6LOWPAN_NHC_MOBILITY=m +CONFIG_6LOWPAN_NHC_ROUTING=m +CONFIG_6LOWPAN_NHC_UDP=m +CONFIG_6LOWPAN_GHC_EXT_HDR_HOP=m +CONFIG_6LOWPAN_GHC_UDP=m +CONFIG_6LOWPAN_GHC_ICMPV6=m +CONFIG_6LOWPAN_GHC_EXT_HDR_DEST=m +CONFIG_6LOWPAN_GHC_EXT_HDR_FRAG=m +CONFIG_6LOWPAN_GHC_EXT_HDR_ROUTE=m +CONFIG_IEEE802154=m +# CONFIG_IEEE802154_NL802154_EXPERIMENTAL is not set +CONFIG_IEEE802154_SOCKET=m +CONFIG_IEEE802154_6LOWPAN=m +CONFIG_MAC802154=m CONFIG_NET_SCHED=y # # Queueing/Scheduling # CONFIG_NET_SCH_CBQ=m -# CONFIG_NET_SCH_HTB is not set -# CONFIG_NET_SCH_HFSC is not set -# CONFIG_NET_SCH_PRIO is not set -# CONFIG_NET_SCH_MULTIQ is not set -# CONFIG_NET_SCH_RED is not set -# CONFIG_NET_SCH_SFB is not set -# CONFIG_NET_SCH_SFQ is not set -# CONFIG_NET_SCH_TEQL is not set -# CONFIG_NET_SCH_TBF is not set -# CONFIG_NET_SCH_GRED is not set -# CONFIG_NET_SCH_DSMARK is not set -# CONFIG_NET_SCH_NETEM is not set -# CONFIG_NET_SCH_DRR is not set -# CONFIG_NET_SCH_MQPRIO is not set -# CONFIG_NET_SCH_CHOKE is not set -# CONFIG_NET_SCH_QFQ is not set -# CONFIG_NET_SCH_CODEL is not set -# CONFIG_NET_SCH_FQ_CODEL is not set -# CONFIG_NET_SCH_FQ is not set -# CONFIG_NET_SCH_HHF is not set -# CONFIG_NET_SCH_PIE is not set -# CONFIG_NET_SCH_PLUG is not set +CONFIG_NET_SCH_HTB=m +CONFIG_NET_SCH_HFSC=m +CONFIG_NET_SCH_ATM=m +CONFIG_NET_SCH_PRIO=m +CONFIG_NET_SCH_MULTIQ=m +CONFIG_NET_SCH_RED=m +CONFIG_NET_SCH_SFB=m +CONFIG_NET_SCH_SFQ=m +CONFIG_NET_SCH_TEQL=m +CONFIG_NET_SCH_TBF=m +CONFIG_NET_SCH_GRED=m +CONFIG_NET_SCH_DSMARK=m +CONFIG_NET_SCH_NETEM=m +CONFIG_NET_SCH_DRR=m +CONFIG_NET_SCH_MQPRIO=m +CONFIG_NET_SCH_CHOKE=m +CONFIG_NET_SCH_QFQ=m +CONFIG_NET_SCH_CODEL=m +CONFIG_NET_SCH_FQ_CODEL=m +CONFIG_NET_SCH_FQ=m +CONFIG_NET_SCH_HHF=m +CONFIG_NET_SCH_PIE=m +# CONFIG_NET_SCH_INGRESS is not set +CONFIG_NET_SCH_PLUG=m # CONFIG_NET_SCH_DEFAULT is not set # # Classification # CONFIG_NET_CLS=y -# CONFIG_NET_CLS_BASIC is not set -# CONFIG_NET_CLS_TCINDEX is not set -# CONFIG_NET_CLS_ROUTE4 is not set +CONFIG_NET_CLS_BASIC=m +CONFIG_NET_CLS_TCINDEX=m +CONFIG_NET_CLS_ROUTE4=m CONFIG_NET_CLS_FW=m -# CONFIG_NET_CLS_U32 is not set -# CONFIG_NET_CLS_RSVP is not set -# CONFIG_NET_CLS_RSVP6 is not set -# CONFIG_NET_CLS_FLOW is not set +CONFIG_NET_CLS_U32=m +# CONFIG_CLS_U32_PERF is not set +# CONFIG_CLS_U32_MARK is not set +CONFIG_NET_CLS_RSVP=m +CONFIG_NET_CLS_RSVP6=m +CONFIG_NET_CLS_FLOW=m CONFIG_NET_CLS_CGROUP=m -# CONFIG_NET_CLS_BPF is not set -# CONFIG_NET_CLS_FLOWER is not set -# CONFIG_NET_CLS_MATCHALL is not set -# CONFIG_NET_EMATCH is not set -# CONFIG_NET_CLS_ACT is not set -# CONFIG_NET_CLS_IND is not set +CONFIG_NET_CLS_BPF=m +CONFIG_NET_CLS_FLOWER=m +CONFIG_NET_CLS_MATCHALL=m +CONFIG_NET_EMATCH=y +CONFIG_NET_EMATCH_STACK=32 +CONFIG_NET_EMATCH_CMP=m +CONFIG_NET_EMATCH_NBYTE=m +CONFIG_NET_EMATCH_U32=m +CONFIG_NET_EMATCH_META=m +CONFIG_NET_EMATCH_TEXT=m +CONFIG_NET_EMATCH_CANID=m +CONFIG_NET_EMATCH_IPSET=m +CONFIG_NET_CLS_ACT=y +CONFIG_NET_ACT_POLICE=m +CONFIG_NET_ACT_GACT=m +# CONFIG_GACT_PROB is not set +CONFIG_NET_ACT_MIRRED=m +CONFIG_NET_ACT_SAMPLE=m +CONFIG_NET_ACT_IPT=m +CONFIG_NET_ACT_NAT=m +CONFIG_NET_ACT_PEDIT=m +CONFIG_NET_ACT_SIMP=m +CONFIG_NET_ACT_SKBEDIT=m +CONFIG_NET_ACT_CSUM=m +CONFIG_NET_ACT_VLAN=m +CONFIG_NET_ACT_BPF=m +CONFIG_NET_ACT_SKBMOD=m +CONFIG_NET_ACT_IFE=m +CONFIG_NET_ACT_TUNNEL_KEY=m +CONFIG_NET_IFE_SKBMARK=m +CONFIG_NET_IFE_SKBPRIO=m +CONFIG_NET_IFE_SKBTCINDEX=m +CONFIG_NET_CLS_IND=y CONFIG_NET_SCH_FIFO=y # CONFIG_DCB is not set CONFIG_DNS_RESOLVER=m -# CONFIG_BATMAN_ADV is not set -# CONFIG_OPENVSWITCH is not set -# CONFIG_VSOCKETS is not set +CONFIG_BATMAN_ADV=m +# CONFIG_BATMAN_ADV_BATMAN_V is not set +CONFIG_BATMAN_ADV_BLA=y +# CONFIG_BATMAN_ADV_DAT is not set +# CONFIG_BATMAN_ADV_NC is not set +# CONFIG_BATMAN_ADV_MCAST is not set +CONFIG_OPENVSWITCH=m +CONFIG_OPENVSWITCH_VXLAN=m +CONFIG_OPENVSWITCH_GENEVE=m +CONFIG_VSOCKETS=m +# CONFIG_VMWARE_VMCI_VSOCKETS is not set +CONFIG_VIRTIO_VSOCKETS=m +CONFIG_VIRTIO_VSOCKETS_COMMON=m +CONFIG_HYPERV_VSOCKETS=m CONFIG_NETLINK_DIAG=m -# CONFIG_MPLS is not set +CONFIG_MPLS=y +CONFIG_NET_MPLS_GSO=m +CONFIG_MPLS_ROUTING=m # CONFIG_NET_NSH is not set -# CONFIG_HSR is not set -# CONFIG_NET_SWITCHDEV is not set +CONFIG_HSR=m +CONFIG_NET_SWITCHDEV=y # CONFIG_NET_L3_MASTER_DEV is not set # CONFIG_NET_NCSI is not set CONFIG_RPS=y CONFIG_RFS_ACCEL=y CONFIG_XPS=y -# CONFIG_CGROUP_NET_PRIO is not set +CONFIG_CGROUP_NET_PRIO=y CONFIG_CGROUP_NET_CLASSID=y CONFIG_NET_RX_BUSY_POLL=y CONFIG_BQL=y -# CONFIG_BPF_JIT is not set +CONFIG_BPF_JIT=y CONFIG_NET_FLOW_LIMIT=y # @@ -1234,7 +1437,7 @@ CONFIG_6PACK=m CONFIG_BPQETHER=m CONFIG_BAYCOM_SER_FDX=m CONFIG_BAYCOM_SER_HDX=m -# CONFIG_BAYCOM_PAR is not set +CONFIG_BAYCOM_PAR=m CONFIG_YAM=m CONFIG_CAN=m CONFIG_CAN_RAW=m @@ -1249,8 +1452,8 @@ CONFIG_CAN_VXCAN=m CONFIG_CAN_SLCAN=m CONFIG_CAN_DEV=m CONFIG_CAN_CALC_BITTIMING=y -# CONFIG_CAN_LEDS is not set -# CONFIG_CAN_GRCAN is not set +CONFIG_CAN_LEDS=y +CONFIG_CAN_GRCAN=m CONFIG_CAN_C_CAN=m CONFIG_CAN_C_CAN_PLATFORM=m CONFIG_CAN_C_CAN_PCI=m @@ -1273,6 +1476,12 @@ CONFIG_CAN_SOFTING=m CONFIG_CAN_SOFTING_CS=m # +# CAN SPI interfaces +# +# CONFIG_CAN_HI311X is not set +# CONFIG_CAN_MCP251X is not set + +# # CAN USB interfaces # # CONFIG_CAN_EMS_USB is not set @@ -1290,44 +1499,53 @@ CONFIG_BT_RFCOMM=m CONFIG_BT_BNEP=m # CONFIG_BT_BNEP_MC_FILTER is not set # CONFIG_BT_BNEP_PROTO_FILTER is not set +# CONFIG_BT_CMTP is not set CONFIG_BT_HIDP=m CONFIG_BT_HS=y CONFIG_BT_LE=y -# CONFIG_BT_LEDS is not set +# CONFIG_BT_6LOWPAN is not set +CONFIG_BT_LEDS=y +# CONFIG_BT_SELFTEST is not set # # Bluetooth device drivers # CONFIG_BT_INTEL=m +CONFIG_BT_BCM=m +CONFIG_BT_RTL=m CONFIG_BT_QCA=m -# CONFIG_BT_HCIBTUSB is not set -# CONFIG_BT_HCIBTSDIO is not set +CONFIG_BT_HCIBTUSB=m +CONFIG_BT_HCIBTUSB_BCM=y +CONFIG_BT_HCIBTUSB_RTL=y +CONFIG_BT_HCIBTSDIO=m CONFIG_BT_HCIUART=m CONFIG_BT_HCIUART_SERDEV=y CONFIG_BT_HCIUART_H4=y -# CONFIG_BT_HCIUART_NOKIA is not set -# CONFIG_BT_HCIUART_BCSP is not set -# CONFIG_BT_HCIUART_ATH3K is not set -# CONFIG_BT_HCIUART_LL is not set -# CONFIG_BT_HCIUART_3WIRE is not set +CONFIG_BT_HCIUART_NOKIA=m +CONFIG_BT_HCIUART_BCSP=y +CONFIG_BT_HCIUART_ATH3K=y +CONFIG_BT_HCIUART_LL=y +CONFIG_BT_HCIUART_3WIRE=y CONFIG_BT_HCIUART_INTEL=y -# CONFIG_BT_HCIUART_BCM is not set +CONFIG_BT_HCIUART_BCM=y CONFIG_BT_HCIUART_QCA=y CONFIG_BT_HCIUART_AG6XX=y CONFIG_BT_HCIUART_MRVL=y -# CONFIG_BT_HCIBCM203X is not set -# CONFIG_BT_HCIBPA10X is not set -# CONFIG_BT_HCIBFUSB is not set +CONFIG_BT_HCIBCM203X=m +CONFIG_BT_HCIBPA10X=m +CONFIG_BT_HCIBFUSB=m CONFIG_BT_HCIDTL1=m CONFIG_BT_HCIBT3C=m CONFIG_BT_HCIBLUECARD=m CONFIG_BT_HCIBTUART=m CONFIG_BT_HCIVHCI=m CONFIG_BT_MRVL=m -# CONFIG_BT_MRVL_SDIO is not set +CONFIG_BT_MRVL_SDIO=m +CONFIG_BT_ATH3K=m # CONFIG_AF_RXRPC is not set # CONFIG_AF_KCM is not set # CONFIG_STREAM_PARSER is not set +CONFIG_FIB_RULES=y CONFIG_WIRELESS=y CONFIG_WIRELESS_EXT=y CONFIG_WEXT_CORE=y @@ -1337,6 +1555,7 @@ CONFIG_WEXT_PRIV=y CONFIG_CFG80211=m # CONFIG_NL80211_TESTMODE is not set # CONFIG_CFG80211_DEVELOPER_WARNINGS is not set +# CONFIG_CFG80211_CERTIFICATION_ONUS is not set CONFIG_CFG80211_DEFAULT_PS=y # CONFIG_CFG80211_INTERNAL_REGDB is not set CONFIG_CFG80211_CRDA_SUPPORT=y @@ -1359,19 +1578,63 @@ CONFIG_MAC80211_LEDS=y # CONFIG_MAC80211_MESSAGE_TRACING is not set # CONFIG_MAC80211_DEBUG_MENU is not set CONFIG_MAC80211_STA_HASH_MAX_SIZE=0 -# CONFIG_WIMAX is not set -# CONFIG_RFKILL is not set -# CONFIG_NET_9P is not set +CONFIG_WIMAX=m +CONFIG_WIMAX_DEBUG_LEVEL=8 +CONFIG_RFKILL=m +CONFIG_RFKILL_LEDS=y +# CONFIG_RFKILL_INPUT is not set +CONFIG_NET_9P=m +CONFIG_NET_9P_VIRTIO=m +CONFIG_NET_9P_XEN=m +# CONFIG_NET_9P_DEBUG is not set # CONFIG_CAIF is not set -# CONFIG_CEPH_LIB is not set -# CONFIG_NFC is not set -# CONFIG_PSAMPLE is not set -# CONFIG_NET_IFE is not set +CONFIG_CEPH_LIB=m +# CONFIG_CEPH_LIB_PRETTYDEBUG is not set +# CONFIG_CEPH_LIB_USE_DNS_RESOLVER is not set +CONFIG_NFC=m +CONFIG_NFC_DIGITAL=m +CONFIG_NFC_NCI=m +# CONFIG_NFC_NCI_SPI is not set +CONFIG_NFC_NCI_UART=m +CONFIG_NFC_HCI=m +CONFIG_NFC_SHDLC=y + +# +# Near Field Communication (NFC) devices +# +# CONFIG_NFC_MEI_PHY is not set +# CONFIG_NFC_SIM is not set +CONFIG_NFC_PORT100=m +CONFIG_NFC_FDP=m +CONFIG_NFC_FDP_I2C=m +CONFIG_NFC_PN544=m +CONFIG_NFC_PN544_I2C=m +CONFIG_NFC_PN533=m +CONFIG_NFC_PN533_USB=m +CONFIG_NFC_PN533_I2C=m +CONFIG_NFC_MICROREAD=m +CONFIG_NFC_MICROREAD_I2C=m +CONFIG_NFC_MRVL=m +CONFIG_NFC_MRVL_USB=m +CONFIG_NFC_MRVL_UART=m +CONFIG_NFC_MRVL_I2C=m +CONFIG_NFC_ST21NFCA=m +CONFIG_NFC_ST21NFCA_I2C=m +CONFIG_NFC_ST_NCI=m +CONFIG_NFC_ST_NCI_I2C=m +# CONFIG_NFC_ST_NCI_SPI is not set +CONFIG_NFC_NXP_NCI=m +CONFIG_NFC_NXP_NCI_I2C=m +CONFIG_NFC_S3FWRN5=m +CONFIG_NFC_S3FWRN5_I2C=m +# CONFIG_NFC_ST95HF is not set +CONFIG_PSAMPLE=m +CONFIG_NET_IFE=m # CONFIG_LWTUNNEL is not set CONFIG_DST_CACHE=y CONFIG_GRO_CELLS=y -# CONFIG_NET_DEVLINK is not set -CONFIG_MAY_USE_DEVLINK=y +CONFIG_NET_DEVLINK=m +CONFIG_MAY_USE_DEVLINK=m CONFIG_HAVE_EBPF_JIT=y # @@ -1394,12 +1657,17 @@ CONFIG_EXTRA_FIRMWARE="" CONFIG_WANT_DEV_COREDUMP=y CONFIG_ALLOW_DEV_COREDUMP=y CONFIG_DEV_COREDUMP=y +# CONFIG_DEBUG_DRIVER is not set +# CONFIG_DEBUG_DEVRES is not set +# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set # CONFIG_TEST_ASYNC_DRIVER_PROBE is not set CONFIG_SYS_HYPERVISOR=y # CONFIG_GENERIC_CPU_DEVICES is not set CONFIG_GENERIC_CPU_AUTOPROBE=y +CONFIG_GENERIC_CPU_VULNERABILITIES=y CONFIG_REGMAP=y CONFIG_REGMAP_I2C=m +CONFIG_REGMAP_SPI=m CONFIG_REGMAP_MMIO=y CONFIG_DMA_SHARED_BUFFER=y # CONFIG_DMA_FENCE_TRACE is not set @@ -1488,38 +1756,43 @@ CONFIG_ATA_OVER_ETH=m CONFIG_XEN_BLKDEV_FRONTEND=y CONFIG_XEN_BLKDEV_BACKEND=y CONFIG_VIRTIO_BLK=y -CONFIG_VIRTIO_BLK_SCSI=y +# CONFIG_VIRTIO_BLK_SCSI is not set # CONFIG_BLK_DEV_RBD is not set CONFIG_BLK_DEV_RSXX=m CONFIG_NVME_CORE=y CONFIG_BLK_DEV_NVME=y CONFIG_NVME_FABRICS=y CONFIG_NVME_FC=y -# CONFIG_NVME_TARGET is not set +CONFIG_NVME_TARGET=m +# CONFIG_NVME_TARGET_LOOP is not set +# CONFIG_NVME_TARGET_FC is not set # # Misc devices # -# CONFIG_SENSORS_LIS3LV02D is not set +CONFIG_SENSORS_LIS3LV02D=m # CONFIG_AD525X_DPOT is not set # CONFIG_DUMMY_IRQ is not set -# CONFIG_IBM_ASM is not set +CONFIG_IBM_ASM=m # CONFIG_PHANTOM is not set # CONFIG_SGI_IOC4 is not set CONFIG_TIFM_CORE=m CONFIG_TIFM_7XX1=m # CONFIG_ICS932S401 is not set -# CONFIG_ENCLOSURE_SERVICES is not set -# CONFIG_HP_ILO is not set +CONFIG_ENCLOSURE_SERVICES=m +CONFIG_HP_ILO=m # CONFIG_APDS9802ALS is not set -# CONFIG_ISL29003 is not set -# CONFIG_ISL29020 is not set -# CONFIG_SENSORS_TSL2550 is not set +CONFIG_ISL29003=m +CONFIG_ISL29020=m +CONFIG_SENSORS_TSL2550=m # CONFIG_SENSORS_BH1770 is not set # CONFIG_SENSORS_APDS990X is not set # CONFIG_HMC6352 is not set # CONFIG_DS1682 is not set +# CONFIG_TI_DAC7512 is not set +CONFIG_VMWARE_BALLOON=m # CONFIG_USB_SWITCH_FSA9480 is not set +# CONFIG_LATTICE_ECP3_CONFIG is not set # CONFIG_SRAM is not set # CONFIG_PCI_ENDPOINT_TEST is not set # CONFIG_C2PORT is not set @@ -1527,11 +1800,13 @@ CONFIG_TIFM_7XX1=m # # EEPROM support # -# CONFIG_EEPROM_AT24 is not set -# CONFIG_EEPROM_LEGACY is not set +CONFIG_EEPROM_AT24=m +# CONFIG_EEPROM_AT25 is not set +CONFIG_EEPROM_LEGACY=m # CONFIG_EEPROM_MAX6875 is not set CONFIG_EEPROM_93CX6=y -# CONFIG_EEPROM_IDT_89HPESX is not set +# CONFIG_EEPROM_93XX46 is not set +CONFIG_EEPROM_IDT_89HPESX=m CONFIG_CB710_CORE=m # CONFIG_CB710_DEBUG is not set CONFIG_CB710_DEBUG_ASSUMPTIONS=y @@ -1545,45 +1820,51 @@ CONFIG_CB710_DEBUG_ASSUMPTIONS=y # Altera FPGA firmware download module # # CONFIG_ALTERA_STAPL is not set -# CONFIG_INTEL_MEI is not set -# CONFIG_INTEL_MEI_ME is not set -# CONFIG_INTEL_MEI_TXE is not set -# CONFIG_VMWARE_VMCI is not set +CONFIG_INTEL_MEI=m +CONFIG_INTEL_MEI_ME=m +CONFIG_INTEL_MEI_TXE=m +CONFIG_VMWARE_VMCI=m # # Intel MIC Bus Driver # -# CONFIG_INTEL_MIC_BUS is not set +CONFIG_INTEL_MIC_BUS=m # # SCIF Bus Driver # -# CONFIG_SCIF_BUS is not set +CONFIG_SCIF_BUS=m # # VOP Bus Driver # -# CONFIG_VOP_BUS is not set +CONFIG_VOP_BUS=m # # Intel MIC Host Driver # +CONFIG_INTEL_MIC_HOST=m # # Intel MIC Card Driver # +CONFIG_INTEL_MIC_CARD=m # # SCIF Driver # +CONFIG_SCIF=m # # Intel MIC Coprocessor State Management (COSM) Drivers # +CONFIG_MIC_COSM=m # # VOP Driver # +CONFIG_VOP=m +CONFIG_VHOST_RING=m # CONFIG_GENWQE is not set # CONFIG_ECHO is not set # CONFIG_CXL_BASE is not set @@ -1613,6 +1894,7 @@ CONFIG_BLK_DEV_SR=y # CONFIG_BLK_DEV_SR_VENDOR is not set CONFIG_CHR_DEV_SG=y CONFIG_CHR_DEV_SCH=y +# CONFIG_SCSI_ENCLOSURE is not set # CONFIG_SCSI_CONSTANTS is not set # CONFIG_SCSI_LOGGING is not set # CONFIG_SCSI_SCAN_ASYNC is not set @@ -1629,7 +1911,7 @@ CONFIG_SCSI_SAS_LIBSAS=y CONFIG_SCSI_SAS_HOST_SMP=y CONFIG_SCSI_SRP_ATTRS=y CONFIG_SCSI_LOWLEVEL=y -# CONFIG_ISCSI_TCP is not set +CONFIG_ISCSI_TCP=m CONFIG_ISCSI_BOOT_SYSFS=y CONFIG_SCSI_CXGB3_ISCSI=m CONFIG_SCSI_CXGB4_ISCSI=m @@ -1709,7 +1991,7 @@ CONFIG_SCSI_SYM53C8XX_MMIO=y CONFIG_SCSI_QLOGIC_1280=m CONFIG_SCSI_QLA_FC=m CONFIG_SCSI_QLA_ISCSI=m -# CONFIG_QEDI is not set +CONFIG_QEDI=m CONFIG_SCSI_LPFC=m CONFIG_SCSI_DC395x=m CONFIG_SCSI_AM53C974=m @@ -1762,6 +2044,7 @@ CONFIG_ATA_BMDMA=y # SATA SFF controllers with BMDMA # CONFIG_ATA_PIIX=y +# CONFIG_SATA_DWC is not set CONFIG_SATA_MV=y CONFIG_SATA_NV=y CONFIG_SATA_PROMISE=y @@ -1818,6 +2101,7 @@ CONFIG_PATA_MPIIX=m CONFIG_PATA_NS87410=m CONFIG_PATA_OPTI=m CONFIG_PATA_PCMCIA=m +# CONFIG_PATA_PLATFORM is not set CONFIG_PATA_RZ1000=m # @@ -1836,7 +2120,9 @@ CONFIG_MD_RAID10=y CONFIG_MD_RAID456=y CONFIG_MD_MULTIPATH=y # CONFIG_MD_FAULTY is not set -# CONFIG_BCACHE is not set +CONFIG_BCACHE=m +# CONFIG_BCACHE_DEBUG is not set +# CONFIG_BCACHE_CLOSURES_DEBUG is not set CONFIG_BLK_DEV_DM_BUILTIN=y CONFIG_BLK_DEV_DM=y CONFIG_DM_MQ_DEFAULT=y @@ -1885,6 +2171,7 @@ CONFIG_BONDING=m # CONFIG_DUMMY is not set # CONFIG_EQUALIZER is not set # CONFIG_NET_FC is not set +# CONFIG_IFB is not set CONFIG_NET_TEAM=m # CONFIG_NET_TEAM_MODE_BROADCAST is not set # CONFIG_NET_TEAM_MODE_ROUNDROBIN is not set @@ -1893,10 +2180,10 @@ CONFIG_NET_TEAM=m # CONFIG_NET_TEAM_MODE_LOADBALANCE is not set CONFIG_MACVLAN=m CONFIG_MACVTAP=m -# CONFIG_VXLAN is not set -# CONFIG_GENEVE is not set +CONFIG_VXLAN=m +CONFIG_GENEVE=m CONFIG_GTP=m -# CONFIG_MACSEC is not set +CONFIG_MACSEC=m CONFIG_NETCONSOLE=m # CONFIG_NETCONSOLE_DYNAMIC is not set CONFIG_NETPOLL=y @@ -1905,10 +2192,11 @@ CONFIG_TUN=m CONFIG_TAP=m # CONFIG_TUN_VNET_CROSS_LE is not set # CONFIG_VETH is not set -CONFIG_VIRTIO_NET=m +CONFIG_VIRTIO_NET=y # CONFIG_NLMON is not set CONFIG_SUNGEM_PHY=m # CONFIG_ARCNET is not set +# CONFIG_ATM_DRIVERS is not set # # CAIF transport drivers @@ -1917,6 +2205,16 @@ CONFIG_SUNGEM_PHY=m # # Distributed Switch Architecture drivers # +# CONFIG_B53 is not set +# CONFIG_NET_DSA_BCM_SF2 is not set +# CONFIG_NET_DSA_LOOP is not set +# CONFIG_NET_DSA_MT7530 is not set +# CONFIG_NET_DSA_MV88E6060 is not set +# CONFIG_MICROCHIP_KSZ is not set +# CONFIG_NET_DSA_MV88E6XXX is not set +# CONFIG_NET_DSA_QCA8K is not set +# CONFIG_NET_DSA_SMSC_LAN9303_I2C is not set +# CONFIG_NET_DSA_SMSC_LAN9303_MDIO is not set CONFIG_ETHERNET=y CONFIG_MDIO=y CONFIG_NET_VENDOR_3COM=y @@ -2031,10 +2329,12 @@ CONFIG_E1000E=m CONFIG_E1000E_HWTS=y CONFIG_IGB=m CONFIG_IGB_HWMON=y +CONFIG_IGB_DCA=y CONFIG_IGBVF=m CONFIG_IXGB=m CONFIG_IXGBE=m CONFIG_IXGBE_HWMON=y +CONFIG_IXGBE_DCA=y CONFIG_IXGBEVF=m CONFIG_I40E=m CONFIG_I40EVF=m @@ -2058,19 +2358,29 @@ CONFIG_MLXSW_CORE_HWMON=y CONFIG_MLXSW_CORE_THERMAL=y CONFIG_MLXSW_PCI=m CONFIG_MLXSW_I2C=m +CONFIG_MLXSW_SWITCHIB=m +CONFIG_MLXSW_SWITCHX2=m +CONFIG_MLXSW_SPECTRUM=m CONFIG_MLXSW_MINIMAL=m CONFIG_MLXFW=m CONFIG_NET_VENDOR_MICREL=y +# CONFIG_KS8842 is not set +# CONFIG_KS8851 is not set CONFIG_KS8851_MLL=m CONFIG_KSZ884X_PCI=m +CONFIG_NET_VENDOR_MICROCHIP=y +# CONFIG_ENC28J60 is not set +# CONFIG_ENCX24J600 is not set CONFIG_NET_VENDOR_MYRI=y CONFIG_MYRI10GE=m +CONFIG_MYRI10GE_DCA=y CONFIG_FEALNX=m CONFIG_NET_VENDOR_NATSEMI=y CONFIG_NATSEMI=m CONFIG_NS83820=m CONFIG_NET_VENDOR_NETRONOME=y CONFIG_NFP=m +CONFIG_NFP_APP_FLOWER=y # CONFIG_NFP_DEBUG is not set CONFIG_NET_VENDOR_8390=y CONFIG_PCMCIA_AXNET=m @@ -2091,9 +2401,12 @@ CONFIG_QLCNIC_HWMON=y CONFIG_QLGE=m CONFIG_NETXEN_NIC=m CONFIG_QED=m +CONFIG_QED_LL2=y CONFIG_QED_SRIOV=y CONFIG_QEDE=m +CONFIG_QED_ISCSI=y CONFIG_NET_VENDOR_QUALCOMM=y +# CONFIG_QCA7000_SPI is not set # CONFIG_QCA7000_UART is not set CONFIG_QCOM_EMAC=m CONFIG_RMNET=m @@ -2110,6 +2423,7 @@ CONFIG_NET_VENDOR_RENESAS=y CONFIG_NET_VENDOR_RDC=y CONFIG_R6040=m CONFIG_NET_VENDOR_ROCKER=y +# CONFIG_ROCKER is not set CONFIG_NET_VENDOR_SAMSUNG=y CONFIG_SXGBE_ETH=m CONFIG_NET_VENDOR_SEEQ=y @@ -2156,6 +2470,7 @@ CONFIG_WIZNET_W5300=m # CONFIG_WIZNET_BUS_DIRECT is not set # CONFIG_WIZNET_BUS_INDIRECT is not set CONFIG_WIZNET_BUS_ANY=y +# CONFIG_WIZNET_W5100_SPI is not set CONFIG_NET_VENDOR_XIRCOM=y CONFIG_PCMCIA_XIRC2PS=m CONFIG_NET_VENDOR_SYNOPSYS=y @@ -2178,49 +2493,51 @@ CONFIG_MDIO_CAVIUM=m CONFIG_MDIO_THUNDER=m CONFIG_PHYLIB=m CONFIG_SWPHY=y -# CONFIG_LED_TRIGGER_PHY is not set +CONFIG_LED_TRIGGER_PHY=y # # MII PHY device drivers # -# CONFIG_AMD_PHY is not set -# CONFIG_AQUANTIA_PHY is not set -# CONFIG_AT803X_PHY is not set +CONFIG_AMD_PHY=m +CONFIG_AQUANTIA_PHY=m +CONFIG_AT803X_PHY=m CONFIG_BCM7XXX_PHY=m -# CONFIG_BCM87XX_PHY is not set +CONFIG_BCM87XX_PHY=m CONFIG_BCM_NET_PHYLIB=m -# CONFIG_BROADCOM_PHY is not set -# CONFIG_CICADA_PHY is not set -# CONFIG_CORTINA_PHY is not set -# CONFIG_DAVICOM_PHY is not set -# CONFIG_DP83848_PHY is not set -# CONFIG_DP83867_PHY is not set +CONFIG_BROADCOM_PHY=m +CONFIG_CICADA_PHY=m +CONFIG_CORTINA_PHY=m +CONFIG_DAVICOM_PHY=m +CONFIG_DP83848_PHY=m +CONFIG_DP83867_PHY=m CONFIG_FIXED_PHY=m -# CONFIG_ICPLUS_PHY is not set -# CONFIG_INTEL_XWAY_PHY is not set -# CONFIG_LSI_ET1011C_PHY is not set -# CONFIG_LXT_PHY is not set -# CONFIG_MARVELL_PHY is not set -# CONFIG_MARVELL_10G_PHY is not set -# CONFIG_MICREL_PHY is not set +CONFIG_ICPLUS_PHY=m +CONFIG_INTEL_XWAY_PHY=m +CONFIG_LSI_ET1011C_PHY=m +CONFIG_LXT_PHY=m +CONFIG_MARVELL_PHY=m +CONFIG_MARVELL_10G_PHY=m +CONFIG_MICREL_PHY=m CONFIG_MICROCHIP_PHY=m -# CONFIG_MICROSEMI_PHY is not set -# CONFIG_NATIONAL_PHY is not set -# CONFIG_QSEMI_PHY is not set -# CONFIG_REALTEK_PHY is not set -# CONFIG_ROCKCHIP_PHY is not set +CONFIG_MICROSEMI_PHY=m +CONFIG_NATIONAL_PHY=m +CONFIG_QSEMI_PHY=m +CONFIG_REALTEK_PHY=m +CONFIG_ROCKCHIP_PHY=m CONFIG_SMSC_PHY=m -# CONFIG_STE10XP is not set -# CONFIG_TERANETICS_PHY is not set -# CONFIG_VITESSE_PHY is not set -# CONFIG_XILINX_GMII2RGMII is not set +CONFIG_STE10XP=m +CONFIG_TERANETICS_PHY=m +CONFIG_VITESSE_PHY=m +CONFIG_XILINX_GMII2RGMII=m +# CONFIG_MICREL_KS8995MA is not set CONFIG_PLIP=m CONFIG_PPP=m CONFIG_PPP_BSDCOMP=m CONFIG_PPP_DEFLATE=m # CONFIG_PPP_FILTER is not set CONFIG_PPP_MPPE=m -# CONFIG_PPP_MULTILINK is not set +CONFIG_PPP_MULTILINK=y +# CONFIG_PPPOATM is not set CONFIG_PPPOE=m CONFIG_PPPOL2TP=m CONFIG_PPP_ASYNC=m @@ -2267,12 +2584,15 @@ CONFIG_USB_NET_ZAURUS=m CONFIG_USB_NET_CX82310_ETH=m CONFIG_USB_NET_KALMIA=m CONFIG_USB_NET_QMI_WWAN=m +# CONFIG_USB_HSO is not set CONFIG_USB_NET_INT51X1=m +# CONFIG_USB_CDC_PHONET is not set CONFIG_USB_IPHETH=m CONFIG_USB_SIERRA_NET=m CONFIG_USB_VL600=m CONFIG_USB_NET_CH9200=m CONFIG_WLAN=y +# CONFIG_WIRELESS_WDS is not set CONFIG_WLAN_VENDOR_ADMTEK=y CONFIG_ADM8211=m CONFIG_ATH_COMMON=m @@ -2289,6 +2609,7 @@ CONFIG_ATH9K_PCI=y # CONFIG_ATH9K_AHB is not set # CONFIG_ATH9K_DYNACK is not set CONFIG_ATH9K_WOW=y +CONFIG_ATH9K_RFKILL=y # CONFIG_ATH9K_CHANNEL_CONTEXT is not set CONFIG_ATH9K_PCOEM=y CONFIG_ATH9K_HTC=m @@ -2366,7 +2687,7 @@ CONFIG_IPW2100_MONITOR=y # CONFIG_IPW2100_DEBUG is not set CONFIG_IPW2200=m CONFIG_IPW2200_MONITOR=y -# CONFIG_IPW2200_RADIOTAP is not set +CONFIG_IPW2200_RADIOTAP=y # CONFIG_IPW2200_PROMISCUOUS is not set # CONFIG_IPW2200_QOS is not set # CONFIG_IPW2200_DEBUG is not set @@ -2386,6 +2707,7 @@ CONFIG_IWLDVM=m CONFIG_IWLMVM=m CONFIG_IWLWIFI_OPMODE_MODULAR=y # CONFIG_IWLWIFI_BCAST_FILTERING is not set +# CONFIG_IWLWIFI_PCIE_RTPM is not set # # Debugging Options @@ -2409,6 +2731,7 @@ CONFIG_ORINOCO_USB=m CONFIG_P54_COMMON=m CONFIG_P54_USB=m CONFIG_P54_PCI=m +# CONFIG_P54_SPI is not set CONFIG_P54_LEDS=y CONFIG_PRISM54=m CONFIG_WLAN_VENDOR_MARVELL=y @@ -2416,13 +2739,14 @@ CONFIG_LIBERTAS=m CONFIG_LIBERTAS_USB=m CONFIG_LIBERTAS_CS=m # CONFIG_LIBERTAS_SDIO is not set +# CONFIG_LIBERTAS_SPI is not set # CONFIG_LIBERTAS_DEBUG is not set # CONFIG_LIBERTAS_MESH is not set CONFIG_LIBERTAS_THINFIRM=m # CONFIG_LIBERTAS_THINFIRM_DEBUG is not set CONFIG_LIBERTAS_THINFIRM_USB=m CONFIG_MWIFIEX=m -# CONFIG_MWIFIEX_SDIO is not set +CONFIG_MWIFIEX_SDIO=m CONFIG_MWIFIEX_PCIE=m CONFIG_MWIFIEX_USB=m CONFIG_MWL8K=m @@ -2480,14 +2804,18 @@ CONFIG_RSI_SDIO=m CONFIG_RSI_USB=m CONFIG_WLAN_VENDOR_ST=y CONFIG_CW1200=m -# CONFIG_CW1200_WLAN_SDIO is not set +CONFIG_CW1200_WLAN_SDIO=m +# CONFIG_CW1200_WLAN_SPI is not set CONFIG_WLAN_VENDOR_TI=y CONFIG_WL1251=m -# CONFIG_WL1251_SDIO is not set +# CONFIG_WL1251_SPI is not set +CONFIG_WL1251_SDIO=m CONFIG_WL12XX=m CONFIG_WL18XX=m CONFIG_WLCORE=m -# CONFIG_WLCORE_SDIO is not set +# CONFIG_WLCORE_SPI is not set +CONFIG_WLCORE_SDIO=m +CONFIG_WILINK_PLATFORM_DATA=y CONFIG_WLAN_VENDOR_ZYDAS=y CONFIG_USB_ZD1201=m CONFIG_ZD1211RW=m @@ -2501,15 +2829,80 @@ CONFIG_PCMCIA_WL3501=m CONFIG_USB_NET_RNDIS_WLAN=m # -# Enable WiMAX (Networking options) to see the WiMAX drivers +# WiMAX Wireless Broadband devices # +CONFIG_WIMAX_I2400M=m +CONFIG_WIMAX_I2400M_USB=m +CONFIG_WIMAX_I2400M_DEBUG_LEVEL=8 # CONFIG_WAN is not set +CONFIG_IEEE802154_DRIVERS=m +# CONFIG_IEEE802154_FAKELB is not set +# CONFIG_IEEE802154_AT86RF230 is not set +# CONFIG_IEEE802154_MRF24J40 is not set +# CONFIG_IEEE802154_CC2520 is not set +CONFIG_IEEE802154_ATUSB=m +# CONFIG_IEEE802154_ADF7242 is not set +# CONFIG_IEEE802154_CA8210 is not set CONFIG_XEN_NETDEV_FRONTEND=y CONFIG_XEN_NETDEV_BACKEND=m CONFIG_VMXNET3=m # CONFIG_FUJITSU_ES is not set -# CONFIG_HYPERV_NET is not set -# CONFIG_ISDN is not set +CONFIG_HYPERV_NET=m +CONFIG_ISDN=y +CONFIG_ISDN_I4L=m +CONFIG_ISDN_PPP=y +# CONFIG_ISDN_PPP_VJ is not set +CONFIG_ISDN_MPP=y +# CONFIG_IPPP_FILTER is not set +CONFIG_ISDN_PPP_BSDCOMP=m +# CONFIG_ISDN_AUDIO is not set +# CONFIG_ISDN_X25 is not set + +# +# ISDN feature submodules +# +# CONFIG_ISDN_DIVERSION is not set + +# +# ISDN4Linux hardware drivers +# + +# +# Passive cards +# +# CONFIG_ISDN_DRV_HISAX is not set +CONFIG_ISDN_CAPI=m +CONFIG_CAPI_TRACE=y +CONFIG_ISDN_CAPI_CAPI20=m +CONFIG_ISDN_CAPI_MIDDLEWARE=y +CONFIG_ISDN_CAPI_CAPIDRV=m +# CONFIG_ISDN_CAPI_CAPIDRV_VERBOSE is not set + +# +# CAPI hardware drivers +# +# CONFIG_CAPI_AVM is not set +# CONFIG_CAPI_EICON is not set +# CONFIG_ISDN_DRV_GIGASET is not set +# CONFIG_HYSDN is not set +CONFIG_MISDN=m +CONFIG_MISDN_DSP=m +CONFIG_MISDN_L1OIP=m + +# +# mISDN hardware drivers +# +CONFIG_MISDN_HFCPCI=m +CONFIG_MISDN_HFCMULTI=m +CONFIG_MISDN_HFCUSB=m +CONFIG_MISDN_AVMFRITZ=m +CONFIG_MISDN_SPEEDFAX=m +CONFIG_MISDN_INFINEON=m +CONFIG_MISDN_W6692=m +CONFIG_MISDN_NETJET=m +CONFIG_MISDN_IPAC=m +CONFIG_MISDN_ISAR=m +CONFIG_ISDN_HDLC=m # CONFIG_NVM is not set # @@ -2519,7 +2912,7 @@ CONFIG_INPUT=y CONFIG_INPUT_LEDS=m CONFIG_INPUT_FF_MEMLESS=y CONFIG_INPUT_POLLDEV=m -# CONFIG_INPUT_SPARSEKMAP is not set +CONFIG_INPUT_SPARSEKMAP=m CONFIG_INPUT_MATRIXKMAP=m # @@ -2574,14 +2967,14 @@ CONFIG_MOUSE_PS2_TRACKPOINT=y # CONFIG_MOUSE_PS2_SENTELIC is not set # CONFIG_MOUSE_PS2_TOUCHKIT is not set CONFIG_MOUSE_PS2_FOCALTECH=y -# CONFIG_MOUSE_PS2_VMMOUSE is not set +CONFIG_MOUSE_PS2_VMMOUSE=y CONFIG_MOUSE_SERIAL=y CONFIG_MOUSE_APPLETOUCH=m CONFIG_MOUSE_BCM5974=m CONFIG_MOUSE_CYAPA=m CONFIG_MOUSE_ELAN_I2C=m CONFIG_MOUSE_ELAN_I2C_I2C=y -# CONFIG_MOUSE_ELAN_I2C_SMBUS is not set +CONFIG_MOUSE_ELAN_I2C_SMBUS=y CONFIG_MOUSE_VSXXXAA=m CONFIG_MOUSE_SYNAPTICS_I2C=m CONFIG_MOUSE_SYNAPTICS_USB=m @@ -2616,6 +3009,7 @@ CONFIG_JOYSTICK_XPAD=m CONFIG_JOYSTICK_XPAD_FF=y CONFIG_JOYSTICK_XPAD_LEDS=y CONFIG_JOYSTICK_WALKERA0701=m +# CONFIG_JOYSTICK_PSXPAD_SPI is not set CONFIG_INPUT_TABLET=y CONFIG_TABLET_USB_ACECAD=m CONFIG_TABLET_USB_AIPTEK=m @@ -2626,16 +3020,21 @@ CONFIG_TABLET_USB_PEGASUS=m CONFIG_TABLET_SERIAL_WACOM4=m CONFIG_INPUT_TOUCHSCREEN=y CONFIG_TOUCHSCREEN_PROPERTIES=y +# CONFIG_TOUCHSCREEN_ADS7846 is not set +# CONFIG_TOUCHSCREEN_AD7877 is not set CONFIG_TOUCHSCREEN_AD7879=m # CONFIG_TOUCHSCREEN_AD7879_I2C is not set +# CONFIG_TOUCHSCREEN_AD7879_SPI is not set CONFIG_TOUCHSCREEN_AR1021_I2C=m CONFIG_TOUCHSCREEN_ATMEL_MXT=m # CONFIG_TOUCHSCREEN_ATMEL_MXT_T37 is not set CONFIG_TOUCHSCREEN_BU21013=m CONFIG_TOUCHSCREEN_CYTTSP_CORE=m # CONFIG_TOUCHSCREEN_CYTTSP_I2C is not set +# CONFIG_TOUCHSCREEN_CYTTSP_SPI is not set CONFIG_TOUCHSCREEN_CYTTSP4_CORE=m # CONFIG_TOUCHSCREEN_CYTTSP4_I2C is not set +# CONFIG_TOUCHSCREEN_CYTTSP4_SPI is not set CONFIG_TOUCHSCREEN_DYNAPRO=m CONFIG_TOUCHSCREEN_HAMPSHIRE=m CONFIG_TOUCHSCREEN_EETI=m @@ -2662,7 +3061,10 @@ CONFIG_TOUCHSCREEN_TOUCHRIGHT=m CONFIG_TOUCHSCREEN_TOUCHWIN=m CONFIG_TOUCHSCREEN_PIXCIR=m CONFIG_TOUCHSCREEN_WDT87XX_I2C=m -# CONFIG_TOUCHSCREEN_WM97XX is not set +CONFIG_TOUCHSCREEN_WM97XX=m +CONFIG_TOUCHSCREEN_WM9705=y +CONFIG_TOUCHSCREEN_WM9712=y +CONFIG_TOUCHSCREEN_WM9713=y CONFIG_TOUCHSCREEN_USB_COMPOSITE=m CONFIG_TOUCHSCREEN_USB_EGALAX=y CONFIG_TOUCHSCREEN_USB_PANJIT=y @@ -2686,11 +3088,12 @@ CONFIG_TOUCHSCREEN_TOUCHIT213=m CONFIG_TOUCHSCREEN_TSC_SERIO=m CONFIG_TOUCHSCREEN_TSC200X_CORE=m CONFIG_TOUCHSCREEN_TSC2004=m +# CONFIG_TOUCHSCREEN_TSC2005 is not set CONFIG_TOUCHSCREEN_TSC2007=m CONFIG_TOUCHSCREEN_SILEAD=m CONFIG_TOUCHSCREEN_ST1232=m CONFIG_TOUCHSCREEN_STMFTS=m -# CONFIG_TOUCHSCREEN_SUR40 is not set +CONFIG_TOUCHSCREEN_SUR40=m CONFIG_TOUCHSCREEN_SX8654=m CONFIG_TOUCHSCREEN_TPS6507X=m CONFIG_TOUCHSCREEN_ZET6223=m @@ -2698,6 +3101,7 @@ CONFIG_TOUCHSCREEN_ROHM_BU21023=m CONFIG_INPUT_MISC=y CONFIG_INPUT_AD714X=m CONFIG_INPUT_AD714X_I2C=m +CONFIG_INPUT_AD714X_SPI=m CONFIG_INPUT_ATMEL_CAPTOUCH=m CONFIG_INPUT_BMA150=m CONFIG_INPUT_E3X0_BUTTON=m @@ -2716,6 +3120,7 @@ CONFIG_INPUT_UINPUT=m CONFIG_INPUT_PCF8574=m CONFIG_INPUT_ADXL34X=m CONFIG_INPUT_ADXL34X_I2C=m +CONFIG_INPUT_ADXL34X_SPI=m CONFIG_INPUT_IMS_PCU=m CONFIG_INPUT_CMA3000=m # CONFIG_INPUT_CMA3000_I2C is not set @@ -2725,6 +3130,7 @@ CONFIG_INPUT_DRV2665_HAPTICS=m CONFIG_INPUT_DRV2667_HAPTICS=m CONFIG_RMI4_CORE=m # CONFIG_RMI4_I2C is not set +# CONFIG_RMI4_SPI is not set # CONFIG_RMI4_SMB is not set CONFIG_RMI4_F03=y CONFIG_RMI4_F03_SERIO=m @@ -2788,6 +3194,7 @@ CONFIG_SERIAL_8250_DEPRECATED_OPTIONS=y CONFIG_SERIAL_8250_PNP=y # CONFIG_SERIAL_8250_FINTEK is not set # CONFIG_SERIAL_8250_CONSOLE is not set +CONFIG_SERIAL_8250_DMA=y CONFIG_SERIAL_8250_PCI=y CONFIG_SERIAL_8250_EXAR=y # CONFIG_SERIAL_8250_CS is not set @@ -2805,6 +3212,8 @@ CONFIG_SERIAL_8250_MID=y # # Non-8250 serial port support # +# CONFIG_SERIAL_MAX3100 is not set +# CONFIG_SERIAL_MAX310X is not set CONFIG_SERIAL_UARTLITE=m CONFIG_SERIAL_UARTLITE_NR_UARTS=1 CONFIG_SERIAL_CORE=y @@ -2813,6 +3222,7 @@ CONFIG_SERIAL_SCCNXP=m CONFIG_SERIAL_SC16IS7XX_CORE=m CONFIG_SERIAL_SC16IS7XX=m CONFIG_SERIAL_SC16IS7XX_I2C=y +# CONFIG_SERIAL_SC16IS7XX_SPI is not set CONFIG_SERIAL_ALTERA_JTAGUART=m CONFIG_SERIAL_ALTERA_UART=m CONFIG_SERIAL_ALTERA_UART_MAXPORTS=4 @@ -2825,6 +3235,7 @@ CONFIG_SERIAL_RP2_NR_UARTS=32 CONFIG_SERIAL_FSL_LPUART=m CONFIG_SERIAL_CONEXANT_DIGICOLOR=m CONFIG_SERIAL_DEV_BUS=m +# CONFIG_TTY_PRINTK is not set CONFIG_PRINTER=m # CONFIG_LP_CONSOLE is not set CONFIG_PPDEV=m @@ -2832,7 +3243,7 @@ CONFIG_HVC_DRIVER=y CONFIG_HVC_IRQ=y CONFIG_HVC_XEN=y CONFIG_HVC_XEN_FRONTEND=y -# CONFIG_VIRTIO_CONSOLE is not set +CONFIG_VIRTIO_CONSOLE=m CONFIG_IPMI_HANDLER=m CONFIG_IPMI_DMI_DECODE=y # CONFIG_IPMI_PANIC_EVENT is not set @@ -2869,6 +3280,7 @@ CONFIG_HANGCHECK_TIMER=m CONFIG_TCG_TPM=m CONFIG_TCG_TIS_CORE=m CONFIG_TCG_TIS=m +# CONFIG_TCG_TIS_SPI is not set CONFIG_TCG_TIS_I2C_ATMEL=m CONFIG_TCG_TIS_I2C_INFINEON=m CONFIG_TCG_TIS_I2C_NUVOTON=m @@ -2880,6 +3292,7 @@ CONFIG_TCG_CRB=m CONFIG_TCG_VTPM_PROXY=m CONFIG_TCG_TIS_ST33ZP24=m CONFIG_TCG_TIS_ST33ZP24_I2C=m +# CONFIG_TCG_TIS_ST33ZP24_SPI is not set # CONFIG_TELCLOCK is not set CONFIG_DEVPORT=y # CONFIG_XILLYBUS is not set @@ -2904,6 +3317,7 @@ CONFIG_I2C_MUX=m # CONFIG_I2C_DEMUX_PINCTRL is not set # CONFIG_I2C_MUX_MLXCPLD is not set CONFIG_I2C_HELPER_AUTO=y +CONFIG_I2C_SMBUS=m CONFIG_I2C_ALGOBIT=m # @@ -2913,26 +3327,28 @@ CONFIG_I2C_ALGOBIT=m # # PC SMBus host controller drivers # -# CONFIG_I2C_ALI1535 is not set -# CONFIG_I2C_ALI1563 is not set -# CONFIG_I2C_ALI15X3 is not set -# CONFIG_I2C_AMD756 is not set -# CONFIG_I2C_AMD8111 is not set -# CONFIG_I2C_I801 is not set -# CONFIG_I2C_ISCH is not set -# CONFIG_I2C_ISMT is not set -# CONFIG_I2C_PIIX4 is not set -# CONFIG_I2C_NFORCE2 is not set -# CONFIG_I2C_SIS5595 is not set -# CONFIG_I2C_SIS630 is not set -# CONFIG_I2C_SIS96X is not set -# CONFIG_I2C_VIA is not set -# CONFIG_I2C_VIAPRO is not set +CONFIG_I2C_ALI1535=m +CONFIG_I2C_ALI1563=m +CONFIG_I2C_ALI15X3=m +CONFIG_I2C_AMD756=m +# CONFIG_I2C_AMD756_S4882 is not set +CONFIG_I2C_AMD8111=m +CONFIG_I2C_I801=m +CONFIG_I2C_ISCH=m +CONFIG_I2C_ISMT=m +CONFIG_I2C_PIIX4=m +CONFIG_I2C_NFORCE2=m +# CONFIG_I2C_NFORCE2_S4985 is not set +CONFIG_I2C_SIS5595=m +CONFIG_I2C_SIS630=m +CONFIG_I2C_SIS96X=m +CONFIG_I2C_VIA=m +CONFIG_I2C_VIAPRO=m # # ACPI drivers # -# CONFIG_I2C_SCMI is not set +CONFIG_I2C_SCMI=m # # I2C system bus drivers (mostly embedded / system-on-chip) @@ -2951,11 +3367,11 @@ CONFIG_I2C_ALGOBIT=m # External I2C/SMBus adapter drivers # # CONFIG_I2C_DIOLAN_U2C is not set -# CONFIG_I2C_PARPORT is not set +CONFIG_I2C_PARPORT=m # CONFIG_I2C_PARPORT_LIGHT is not set # CONFIG_I2C_ROBOTFUZZ_OSIF is not set # CONFIG_I2C_TAOS_EVM is not set -# CONFIG_I2C_TINY_USB is not set +CONFIG_I2C_TINY_USB=m # # Other I2C/SMBus bus drivers @@ -2966,9 +3382,52 @@ CONFIG_I2C_ALGOBIT=m # CONFIG_I2C_DEBUG_CORE is not set # CONFIG_I2C_DEBUG_ALGO is not set # CONFIG_I2C_DEBUG_BUS is not set -# CONFIG_SPI is not set -# CONFIG_SPMI is not set -# CONFIG_HSI is not set +CONFIG_SPI=y +# CONFIG_SPI_DEBUG is not set +CONFIG_SPI_MASTER=y + +# +# SPI Master Controller Drivers +# +CONFIG_SPI_ALTERA=m +CONFIG_SPI_AXI_SPI_ENGINE=m +CONFIG_SPI_BITBANG=m +CONFIG_SPI_BUTTERFLY=m +CONFIG_SPI_CADENCE=m +CONFIG_SPI_DESIGNWARE=m +CONFIG_SPI_DW_PCI=m +# CONFIG_SPI_DW_MID_DMA is not set +CONFIG_SPI_DW_MMIO=m +# CONFIG_SPI_LM70_LLP is not set +CONFIG_SPI_FSL_LIB=m +CONFIG_SPI_FSL_SPI=m +CONFIG_SPI_PXA2XX=m +CONFIG_SPI_PXA2XX_PCI=m +CONFIG_SPI_ROCKCHIP=m +CONFIG_SPI_SC18IS602=m +CONFIG_SPI_XCOMM=m +CONFIG_SPI_XILINX=m +CONFIG_SPI_ZYNQMP_GQSPI=m + +# +# SPI Protocol Masters +# +# CONFIG_SPI_SPIDEV is not set +# CONFIG_SPI_LOOPBACK_TEST is not set +# CONFIG_SPI_TLE62X0 is not set +# CONFIG_SPI_SLAVE is not set +CONFIG_SPMI=m +CONFIG_HSI=m +CONFIG_HSI_BOARDINFO=y + +# +# HSI controllers +# + +# +# HSI clients +# +CONFIG_HSI_CHAR=m CONFIG_PPS=m # CONFIG_PPS_DEBUG is not set @@ -2976,9 +3435,9 @@ CONFIG_PPS=m # PPS clients support # # CONFIG_PPS_CLIENT_KTIMER is not set -# CONFIG_PPS_CLIENT_LDISC is not set -# CONFIG_PPS_CLIENT_PARPORT is not set -# CONFIG_PPS_CLIENT_GPIO is not set +CONFIG_PPS_CLIENT_LDISC=m +CONFIG_PPS_CLIENT_PARPORT=m +CONFIG_PPS_CLIENT_GPIO=m # # PPS generators support @@ -2998,6 +3457,7 @@ CONFIG_PINCTRL=y # # Pin controllers # +# CONFIG_DEBUG_PINCTRL is not set # CONFIG_PINCTRL_MCP23S08 is not set # CONFIG_PINCTRL_SINGLE is not set # CONFIG_PINCTRL_CHERRYVIEW is not set @@ -3010,7 +3470,12 @@ CONFIG_PINCTRL=y # CONFIG_GPIOLIB is not set # CONFIG_W1 is not set # CONFIG_POWER_AVS is not set -# CONFIG_POWER_RESET is not set +CONFIG_POWER_RESET=y +# CONFIG_POWER_RESET_RESTART is not set +CONFIG_POWER_RESET_SYSCON=y +CONFIG_POWER_RESET_SYSCON_POWEROFF=y +CONFIG_REBOOT_MODE=m +CONFIG_SYSCON_REBOOT_MODE=m CONFIG_POWER_SUPPLY=y # CONFIG_POWER_SUPPLY_DEBUG is not set CONFIG_PDA_POWER=m @@ -3038,6 +3503,7 @@ CONFIG_HWMON_VID=m # CONFIG_SENSORS_ABITUGURU=m CONFIG_SENSORS_ABITUGURU3=m +# CONFIG_SENSORS_AD7314 is not set CONFIG_SENSORS_AD7414=m CONFIG_SENSORS_AD7418=m CONFIG_SENSORS_ADM1021=m @@ -3047,6 +3513,7 @@ CONFIG_SENSORS_ADM1029=m CONFIG_SENSORS_ADM1031=m CONFIG_SENSORS_ADM9240=m CONFIG_SENSORS_ADT7X10=m +# CONFIG_SENSORS_ADT7310 is not set CONFIG_SENSORS_ADT7410=m CONFIG_SENSORS_ADT7411=m CONFIG_SENSORS_ADT7462=m @@ -3089,10 +3556,12 @@ CONFIG_SENSORS_LTC4222=m CONFIG_SENSORS_LTC4245=m CONFIG_SENSORS_LTC4260=m CONFIG_SENSORS_LTC4261=m +# CONFIG_SENSORS_MAX1111 is not set CONFIG_SENSORS_MAX16065=m CONFIG_SENSORS_MAX1619=m CONFIG_SENSORS_MAX1668=m CONFIG_SENSORS_MAX197=m +# CONFIG_SENSORS_MAX31722 is not set CONFIG_SENSORS_MAX6639=m CONFIG_SENSORS_MAX6642=m CONFIG_SENSORS_MAX6650=m @@ -3100,7 +3569,9 @@ CONFIG_SENSORS_MAX6697=m CONFIG_SENSORS_MAX31790=m CONFIG_SENSORS_MCP3021=m CONFIG_SENSORS_TC654=m +# CONFIG_SENSORS_ADCXX is not set CONFIG_SENSORS_LM63=m +# CONFIG_SENSORS_LM70 is not set CONFIG_SENSORS_LM73=m CONFIG_SENSORS_LM75=m CONFIG_SENSORS_LM77=m @@ -3157,6 +3628,7 @@ CONFIG_SENSORS_SMM665=m CONFIG_SENSORS_ADC128D818=m CONFIG_SENSORS_ADS1015=m CONFIG_SENSORS_ADS7828=m +# CONFIG_SENSORS_ADS7871 is not set CONFIG_SENSORS_AMC6821=m CONFIG_SENSORS_INA209=m CONFIG_SENSORS_INA2XX=m @@ -3200,7 +3672,7 @@ CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y # CONFIG_THERMAL_DEFAULT_GOV_POWER_ALLOCATOR is not set # CONFIG_THERMAL_GOV_FAIR_SHARE is not set CONFIG_THERMAL_GOV_STEP_WISE=y -# CONFIG_THERMAL_GOV_BANG_BANG is not set +CONFIG_THERMAL_GOV_BANG_BANG=y CONFIG_THERMAL_GOV_USER_SPACE=y # CONFIG_THERMAL_GOV_POWER_ALLOCATOR is not set # CONFIG_CPU_THERMAL is not set @@ -3208,7 +3680,7 @@ CONFIG_THERMAL_GOV_USER_SPACE=y # CONFIG_DEVFREQ_THERMAL is not set # CONFIG_THERMAL_EMULATION is not set # CONFIG_QORIQ_THERMAL is not set -# CONFIG_INTEL_POWERCLAMP is not set +CONFIG_INTEL_POWERCLAMP=m CONFIG_X86_PKG_TEMP_THERMAL=m # CONFIG_INTEL_SOC_DTS_THERMAL is not set @@ -3216,7 +3688,7 @@ CONFIG_X86_PKG_TEMP_THERMAL=m # ACPI INT340X thermal drivers # # CONFIG_INT340X_THERMAL is not set -# CONFIG_INTEL_PCH_THERMAL is not set +CONFIG_INTEL_PCH_THERMAL=m # CONFIG_WATCHDOG is not set CONFIG_SSB_POSSIBLE=y @@ -3233,6 +3705,7 @@ CONFIG_SSB_PCMCIAHOST_POSSIBLE=y # CONFIG_SSB_PCMCIAHOST is not set CONFIG_SSB_SDIOHOST_POSSIBLE=y # CONFIG_SSB_SDIOHOST is not set +# CONFIG_SSB_SILENT is not set # CONFIG_SSB_DEBUG is not set CONFIG_SSB_DRIVER_PCICORE_POSSIBLE=y CONFIG_SSB_DRIVER_PCICORE=y @@ -3249,7 +3722,7 @@ CONFIG_BCMA_DRIVER_PCI=y # # Multifunction device drivers # -CONFIG_MFD_CORE=m +CONFIG_MFD_CORE=y # CONFIG_MFD_ACT8945A is not set # CONFIG_MFD_ATMEL_FLEXCOM is not set # CONFIG_MFD_ATMEL_HLCDC is not set @@ -3257,18 +3730,22 @@ CONFIG_MFD_CORE=m # CONFIG_MFD_BD9571MWV is not set # CONFIG_MFD_AXP20X_I2C is not set # CONFIG_MFD_CROS_EC is not set +# CONFIG_MFD_DA9052_SPI is not set # CONFIG_MFD_DA9062 is not set # CONFIG_MFD_DA9063 is not set # CONFIG_MFD_DA9150 is not set # CONFIG_MFD_DLN2 is not set +# CONFIG_MFD_MC13XXX_SPI is not set # CONFIG_MFD_MC13XXX_I2C is not set # CONFIG_MFD_HI6421_PMIC is not set # CONFIG_HTC_PASIC3 is not set -# CONFIG_MFD_INTEL_QUARK_I2C_GPIO is not set -# CONFIG_LPC_ICH is not set -# CONFIG_LPC_SCH is not set -# CONFIG_MFD_INTEL_LPSS_ACPI is not set -# CONFIG_MFD_INTEL_LPSS_PCI is not set +CONFIG_MFD_INTEL_QUARK_I2C_GPIO=m +CONFIG_LPC_ICH=y +CONFIG_LPC_SCH=m +# CONFIG_INTEL_SOC_PMIC_BXTWC is not set +CONFIG_MFD_INTEL_LPSS=m +CONFIG_MFD_INTEL_LPSS_ACPI=m +CONFIG_MFD_INTEL_LPSS_PCI=m # CONFIG_MFD_JANZ_CMODIO is not set # CONFIG_MFD_KEMPLD is not set # CONFIG_MFD_88PM800 is not set @@ -3279,6 +3756,8 @@ CONFIG_MFD_CORE=m # CONFIG_MFD_MAX8907 is not set # CONFIG_MFD_MT6397 is not set # CONFIG_MFD_MENF21BMC is not set +# CONFIG_EZX_PCAP is not set +# CONFIG_MFD_CPCAP is not set # CONFIG_MFD_VIPERBOARD is not set # CONFIG_MFD_RETU is not set # CONFIG_MFD_PCF50633 is not set @@ -3292,6 +3771,7 @@ CONFIG_MFD_CORE=m # CONFIG_MFD_SM501 is not set # CONFIG_MFD_SKY81452 is not set # CONFIG_ABX500_CORE is not set +# CONFIG_MFD_STMPE is not set CONFIG_MFD_SYSCON=y # CONFIG_MFD_TI_AM335X_TSCADC is not set # CONFIG_MFD_LP3943 is not set @@ -3304,11 +3784,14 @@ CONFIG_MFD_SYSCON=y # CONFIG_MFD_TI_LP87565 is not set # CONFIG_MFD_TPS65218 is not set # CONFIG_MFD_TPS65912_I2C is not set +# CONFIG_MFD_TPS65912_SPI is not set CONFIG_MFD_WL1273_CORE=m # CONFIG_MFD_LM3533 is not set # CONFIG_MFD_TMIO is not set # CONFIG_MFD_VX855 is not set # CONFIG_MFD_ARIZONA_I2C is not set +# CONFIG_MFD_ARIZONA_SPI is not set +# CONFIG_MFD_WM831X_SPI is not set # CONFIG_MFD_WM8994 is not set # CONFIG_REGULATOR is not set CONFIG_CEC_CORE=m @@ -3316,17 +3799,39 @@ CONFIG_CEC_NOTIFIER=y CONFIG_RC_CORE=y CONFIG_RC_MAP=y CONFIG_RC_DECODERS=y -# CONFIG_LIRC is not set -CONFIG_IR_NEC_DECODER=y -CONFIG_IR_RC5_DECODER=y -CONFIG_IR_RC6_DECODER=y -CONFIG_IR_JVC_DECODER=y -CONFIG_IR_SONY_DECODER=y -CONFIG_IR_SANYO_DECODER=y -CONFIG_IR_SHARP_DECODER=y -CONFIG_IR_MCE_KBD_DECODER=y -CONFIG_IR_XMP_DECODER=y -# CONFIG_RC_DEVICES is not set +CONFIG_LIRC=m +CONFIG_IR_LIRC_CODEC=m +CONFIG_IR_NEC_DECODER=m +CONFIG_IR_RC5_DECODER=m +CONFIG_IR_RC6_DECODER=m +CONFIG_IR_JVC_DECODER=m +CONFIG_IR_SONY_DECODER=m +CONFIG_IR_SANYO_DECODER=m +CONFIG_IR_SHARP_DECODER=m +CONFIG_IR_MCE_KBD_DECODER=m +CONFIG_IR_XMP_DECODER=m +CONFIG_RC_DEVICES=y +CONFIG_RC_ATI_REMOTE=m +CONFIG_IR_ENE=m +CONFIG_IR_HIX5HD2=m +CONFIG_IR_IMON=m +CONFIG_IR_MCEUSB=m +CONFIG_IR_ITE_CIR=m +CONFIG_IR_FINTEK=m +CONFIG_IR_NUVOTON=m +CONFIG_IR_REDRAT3=m +# CONFIG_IR_SPI is not set +CONFIG_IR_STREAMZAP=m +CONFIG_IR_WINBOND_CIR=m +CONFIG_IR_IGORPLUGUSB=m +CONFIG_IR_IGUANA=m +CONFIG_IR_TTUSBIR=m +CONFIG_RC_LOOPBACK=m +CONFIG_IR_GPIO_CIR=m +CONFIG_IR_GPIO_TX=m +CONFIG_IR_SERIAL=m +CONFIG_IR_SERIAL_TRANSMITTER=y +CONFIG_IR_SIR=m CONFIG_MEDIA_SUPPORT=m # @@ -3517,7 +4022,7 @@ CONFIG_DVB_AS102=m # CONFIG_VIDEO_EM28XX=m CONFIG_VIDEO_EM28XX_V4L2=m -# CONFIG_VIDEO_EM28XX_ALSA is not set +CONFIG_VIDEO_EM28XX_ALSA=m CONFIG_VIDEO_EM28XX_DVB=m CONFIG_VIDEO_EM28XX_RC=m @@ -3526,6 +4031,7 @@ CONFIG_VIDEO_EM28XX_RC=m # CONFIG_USB_AIRSPY=m CONFIG_USB_HACKRF=m +# CONFIG_USB_MSI2500 is not set # # USB HDMI CEC adapters @@ -3537,6 +4043,7 @@ CONFIG_MEDIA_PCI_SUPPORT=y # # Media capture support # +# CONFIG_VIDEO_MEYE is not set # CONFIG_VIDEO_SOLO6X10 is not set CONFIG_VIDEO_TW5864=m CONFIG_VIDEO_TW68=m @@ -3609,6 +4116,7 @@ CONFIG_DVB_NGENE=m CONFIG_DVB_DDBRIDGE=m # CONFIG_DVB_DDBRIDGE_MSIENABLE is not set CONFIG_DVB_SMIPCIE=m +# CONFIG_DVB_NETUP_UNIDVB is not set CONFIG_V4L_PLATFORM_DRIVERS=y CONFIG_VIDEO_CAFE_CCIC=m CONFIG_SOC_CAMERA=m @@ -3970,6 +4478,7 @@ CONFIG_VGA_SWITCHEROO=y CONFIG_DRM=m CONFIG_DRM_MIPI_DSI=y # CONFIG_DRM_DP_AUX_CHARDEV is not set +# CONFIG_DRM_DEBUG_MM_SELFTEST is not set CONFIG_DRM_KMS_HELPER=m CONFIG_DRM_KMS_FB_HELPER=y CONFIG_DRM_FBDEV_EMULATION=y @@ -4007,6 +4516,17 @@ CONFIG_DRM_I915_CAPTURE_ERROR=y CONFIG_DRM_I915_COMPRESS_ERROR=y CONFIG_DRM_I915_USERPTR=y # CONFIG_DRM_I915_GVT is not set + +# +# drm/i915 Debugging +# +# CONFIG_DRM_I915_WERROR is not set +# CONFIG_DRM_I915_DEBUG is not set +# CONFIG_DRM_I915_SW_FENCE_DEBUG_OBJECTS is not set +# CONFIG_DRM_I915_SW_FENCE_CHECK_DAG is not set +# CONFIG_DRM_I915_SELFTEST is not set +# CONFIG_DRM_I915_LOW_LEVEL_TRACEPOINTS is not set +# CONFIG_DRM_I915_DEBUG_VBLANK_EVADE is not set CONFIG_DRM_VGEM=m CONFIG_DRM_VMWGFX=m # CONFIG_DRM_VMWGFX_FBCON is not set @@ -4020,7 +4540,7 @@ CONFIG_DRM_CIRRUS_QEMU=m CONFIG_DRM_RCAR_DW_HDMI=m CONFIG_DRM_QXL=m CONFIG_DRM_BOCHS=m -# CONFIG_DRM_VIRTIO_GPU is not set +CONFIG_DRM_VIRTIO_GPU=m CONFIG_DRM_PANEL=y # @@ -4030,11 +4550,14 @@ CONFIG_DRM_PANEL_LVDS=m CONFIG_DRM_PANEL_SIMPLE=m CONFIG_DRM_PANEL_INNOLUX_P079ZCA=m CONFIG_DRM_PANEL_JDI_LT070ME05000=m +# CONFIG_DRM_PANEL_SAMSUNG_LD9040 is not set +# CONFIG_DRM_PANEL_LG_LG4573 is not set CONFIG_DRM_PANEL_PANASONIC_VVX10F034N00=m CONFIG_DRM_PANEL_SAMSUNG_S6E3HA2=m CONFIG_DRM_PANEL_SAMSUNG_S6E8AA0=m CONFIG_DRM_PANEL_SHARP_LQ101R1SX01=m CONFIG_DRM_PANEL_SHARP_LS043T1LE01=m +# CONFIG_DRM_PANEL_SITRONIX_ST7789V is not set CONFIG_DRM_BRIDGE=y CONFIG_DRM_PANEL_BRIDGE=y @@ -4061,6 +4584,9 @@ CONFIG_DRM_HISI_HIBMC=m CONFIG_DRM_MXS=y CONFIG_DRM_MXSFB=m CONFIG_DRM_TINYDRM=m +# CONFIG_TINYDRM_MI0283QT is not set +# CONFIG_TINYDRM_REPAPER is not set +# CONFIG_TINYDRM_ST7586 is not set # CONFIG_DRM_LEGACY is not set # CONFIG_DRM_LIB_RANDOM is not set @@ -4117,6 +4643,7 @@ CONFIG_FB_RIVA_BACKLIGHT=y CONFIG_FB_I740=m CONFIG_FB_LE80578=m CONFIG_FB_CARILLO_RANCH=m +# CONFIG_FB_INTEL is not set CONFIG_FB_MATROX=m CONFIG_FB_MATROX_MILLENIUM=y CONFIG_FB_MATROX_MYSTIQUE=y @@ -4171,7 +4698,17 @@ CONFIG_FB_AUO_K1901=m CONFIG_FB_SM712=m CONFIG_BACKLIGHT_LCD_SUPPORT=y CONFIG_LCD_CLASS_DEVICE=m +# CONFIG_LCD_LTV350QV is not set +# CONFIG_LCD_ILI922X is not set +# CONFIG_LCD_ILI9320 is not set +# CONFIG_LCD_TDO24M is not set +# CONFIG_LCD_VGG2432A4 is not set CONFIG_LCD_PLATFORM=m +# CONFIG_LCD_S6E63M0 is not set +# CONFIG_LCD_LD9040 is not set +# CONFIG_LCD_AMS369FG06 is not set +# CONFIG_LCD_LMS501KF03 is not set +# CONFIG_LCD_HX8357 is not set CONFIG_BACKLIGHT_CLASS_DEVICE=m CONFIG_BACKLIGHT_GENERIC=m CONFIG_BACKLIGHT_CARILLO_RANCH=m @@ -4222,7 +4759,8 @@ CONFIG_SND_PCM_OSS=m CONFIG_SND_PCM_OSS_PLUGINS=y CONFIG_SND_PCM_TIMER=y CONFIG_SND_HRTIMER=m -# CONFIG_SND_DYNAMIC_MINORS is not set +CONFIG_SND_DYNAMIC_MINORS=y +CONFIG_SND_MAX_CARDS=64 CONFIG_SND_SUPPORT_OLD_API=y CONFIG_SND_PROC_FS=y CONFIG_SND_VERBOSE_PROCFS=y @@ -4357,6 +4895,7 @@ CONFIG_SND_HDA_POWER_SAVE_DEFAULT=0 CONFIG_SND_HDA_CORE=m CONFIG_SND_HDA_I915=y CONFIG_SND_HDA_PREALLOC_SIZE=64 +CONFIG_SND_SPI=y CONFIG_SND_USB=y CONFIG_SND_USB_AUDIO=m CONFIG_SND_USB_UA101=m @@ -4396,8 +4935,8 @@ CONFIG_AC97_BUS=m # HID support # CONFIG_HID=y -# CONFIG_HID_BATTERY_STRENGTH is not set -# CONFIG_HIDRAW is not set +CONFIG_HID_BATTERY_STRENGTH=y +CONFIG_HIDRAW=y CONFIG_UHID=m CONFIG_HID_GENERIC=y @@ -4444,6 +4983,7 @@ CONFIG_HID_LCPOWER=m CONFIG_HID_LED=m CONFIG_HID_LENOVO=m CONFIG_HID_LOGITECH=y +# CONFIG_HID_LOGITECH_DJ is not set CONFIG_HID_LOGITECH_HIDPP=m CONFIG_LOGITECH_FF=y CONFIG_LOGIRUMBLEPAD2_FF=y @@ -4462,11 +5002,11 @@ CONFIG_PANTHERLORD_FF=y CONFIG_HID_PENMOUNT=m CONFIG_HID_PETALYNX=m CONFIG_HID_PICOLCD=m -CONFIG_HID_PICOLCD_FB=y -CONFIG_HID_PICOLCD_BACKLIGHT=y -CONFIG_HID_PICOLCD_LCD=y -CONFIG_HID_PICOLCD_LEDS=y -CONFIG_HID_PICOLCD_CIR=y +# CONFIG_HID_PICOLCD_FB is not set +# CONFIG_HID_PICOLCD_BACKLIGHT is not set +# CONFIG_HID_PICOLCD_LCD is not set +# CONFIG_HID_PICOLCD_LEDS is not set +# CONFIG_HID_PICOLCD_CIR is not set CONFIG_HID_PLANTRONICS=m CONFIG_HID_PRIMAX=m CONFIG_HID_RETRODE=m @@ -4505,12 +5045,12 @@ CONFIG_HID_ALPS=m # CONFIG_USB_HID=y # CONFIG_HID_PID is not set -# CONFIG_USB_HIDDEV is not set +CONFIG_USB_HIDDEV=y # # I2C HID support # -# CONFIG_I2C_HID is not set +CONFIG_I2C_HID=m # # Intel ISH HID support @@ -4522,7 +5062,7 @@ CONFIG_USB_COMMON=y CONFIG_USB_ARCH_HAS_HCD=y CONFIG_USB=y CONFIG_USB_PCI=y -# CONFIG_USB_ANNOUNCE_NEW_DEVICES is not set +CONFIG_USB_ANNOUNCE_NEW_DEVICES=y # # Miscellaneous USB options @@ -4531,8 +5071,9 @@ CONFIG_USB_DEFAULT_PERSIST=y # CONFIG_USB_DYNAMIC_MINORS is not set # CONFIG_USB_OTG is not set # CONFIG_USB_OTG_WHITELIST is not set +# CONFIG_USB_OTG_BLACKLIST_HUB is not set # CONFIG_USB_LEDS_TRIGGER_USBPORT is not set -# CONFIG_USB_MON is not set +CONFIG_USB_MON=y # CONFIG_USB_WUSB_CBAF is not set # @@ -4551,11 +5092,12 @@ CONFIG_USB_OXU210HP_HCD=y CONFIG_USB_ISP116X_HCD=y CONFIG_USB_ISP1362_HCD=y CONFIG_USB_FOTG210_HCD=y +# CONFIG_USB_MAX3421_HCD is not set CONFIG_USB_OHCI_HCD=y CONFIG_USB_OHCI_HCD_PCI=y # CONFIG_USB_OHCI_HCD_PLATFORM is not set CONFIG_USB_UHCI_HCD=y -# CONFIG_USB_U132_HCD is not set +CONFIG_USB_U132_HCD=m CONFIG_USB_SL811_HCD=y # CONFIG_USB_SL811_HCD_ISO is not set # CONFIG_USB_SL811_CS is not set @@ -4570,7 +5112,7 @@ CONFIG_USB_R8A66597_HCD=y CONFIG_USB_ACM=m CONFIG_USB_PRINTER=m CONFIG_USB_WDM=m -# CONFIG_USB_TMC is not set +CONFIG_USB_TMC=m # # NOTE: USB_STORAGE depends on SCSI but BLK_DEV_SD may @@ -4603,9 +5145,11 @@ CONFIG_USB_UAS=y # CONFIG_USB_MDC800 is not set # CONFIG_USB_MICROTEK is not set CONFIG_USBIP_CORE=m -# CONFIG_USBIP_VHCI_HCD is not set -# CONFIG_USBIP_HOST is not set -# CONFIG_USBIP_VUDC is not set +CONFIG_USBIP_VHCI_HCD=m +CONFIG_USBIP_VHCI_HC_PORTS=8 +CONFIG_USBIP_VHCI_NR_HCS=1 +CONFIG_USBIP_HOST=m +CONFIG_USBIP_VUDC=m # CONFIG_USBIP_DEBUG is not set # CONFIG_USB_MUSB_HDRC is not set # CONFIG_USB_DWC3 is not set @@ -4705,6 +5249,7 @@ CONFIG_USB_HSIC_USB3503=m CONFIG_USB_HSIC_USB4604=m # CONFIG_USB_LINK_LAYER_TEST is not set # CONFIG_USB_CHAOSKEY is not set +# CONFIG_USB_ATM is not set # # USB Physical Layer drivers @@ -4713,6 +5258,7 @@ CONFIG_USB_HSIC_USB4604=m # CONFIG_NOP_USB_XCEIV is not set # CONFIG_USB_ISP1301 is not set CONFIG_USB_GADGET=m +# CONFIG_USB_GADGET_DEBUG is not set # CONFIG_USB_GADGET_DEBUG_FILES is not set CONFIG_USB_GADGET_VBUS_DRAW=2 CONFIG_USB_GADGET_STORAGE_NUM_BUFFERS=2 @@ -4778,6 +5324,7 @@ CONFIG_MMC_SDHCI_CADENCE=m CONFIG_MMC_SDHCI_F_SDH30=m CONFIG_MMC_WBSD=m CONFIG_MMC_TIFM_SD=m +# CONFIG_MMC_SPI is not set CONFIG_MMC_SDRICOH_CS=m CONFIG_MMC_CB710=m CONFIG_MMC_VIA_SDMMC=m @@ -4787,7 +5334,22 @@ CONFIG_MMC_USDHI6ROL0=m CONFIG_MMC_TOSHIBA_PCI=m CONFIG_MMC_MTK=m CONFIG_MMC_SDHCI_XENON=m -# CONFIG_MEMSTICK is not set +CONFIG_MEMSTICK=m +# CONFIG_MEMSTICK_DEBUG is not set + +# +# MemoryStick drivers +# +# CONFIG_MEMSTICK_UNSAFE_RESUME is not set +CONFIG_MSPRO_BLOCK=m +CONFIG_MS_BLOCK=m + +# +# MemoryStick Host Controller Drivers +# +CONFIG_MEMSTICK_TIFM_MS=m +CONFIG_MEMSTICK_JMICRON_38X=m +CONFIG_MEMSTICK_R592=m CONFIG_NEW_LEDS=y CONFIG_LEDS_CLASS=m # CONFIG_LEDS_CLASS_FLASH is not set @@ -4810,6 +5372,7 @@ CONFIG_LEDS_CLASS=m # CONFIG_LEDS_CLEVO_MAIL is not set # CONFIG_LEDS_PCA955X is not set # CONFIG_LEDS_PCA963X is not set +# CONFIG_LEDS_DAC124S085 is not set # CONFIG_LEDS_BD2802 is not set # CONFIG_LEDS_INTEL_SS4200 is not set # CONFIG_LEDS_TCA6507 is not set @@ -4844,7 +5407,7 @@ CONFIG_LEDS_TRIGGERS=y # CONFIG_LEDS_TRIGGER_TRANSIENT is not set # CONFIG_LEDS_TRIGGER_CAMERA is not set # CONFIG_LEDS_TRIGGER_PANIC is not set -# CONFIG_ACCESSIBILITY is not set +CONFIG_ACCESSIBILITY=y # CONFIG_INFINIBAND is not set CONFIG_EDAC_ATOMIC_SCRUB=y CONFIG_EDAC_SUPPORT=y @@ -4887,80 +5450,136 @@ CONFIG_RTC_INTF_DEV=y # # I2C RTC drivers # -# CONFIG_RTC_DRV_ABB5ZES3 is not set -# CONFIG_RTC_DRV_ABX80X is not set -# CONFIG_RTC_DRV_DS1307 is not set -# CONFIG_RTC_DRV_DS1374 is not set -# CONFIG_RTC_DRV_DS1672 is not set -# CONFIG_RTC_DRV_HYM8563 is not set -# CONFIG_RTC_DRV_MAX6900 is not set -# CONFIG_RTC_DRV_RS5C372 is not set -# CONFIG_RTC_DRV_ISL1208 is not set -# CONFIG_RTC_DRV_ISL12022 is not set -# CONFIG_RTC_DRV_X1205 is not set -# CONFIG_RTC_DRV_PCF8523 is not set -# CONFIG_RTC_DRV_PCF85063 is not set -# CONFIG_RTC_DRV_PCF8563 is not set -# CONFIG_RTC_DRV_PCF8583 is not set -# CONFIG_RTC_DRV_M41T80 is not set -# CONFIG_RTC_DRV_BQ32K is not set -# CONFIG_RTC_DRV_S35390A is not set -# CONFIG_RTC_DRV_FM3130 is not set -# CONFIG_RTC_DRV_RX8010 is not set -# CONFIG_RTC_DRV_RX8581 is not set -# CONFIG_RTC_DRV_RX8025 is not set -# CONFIG_RTC_DRV_EM3027 is not set -# CONFIG_RTC_DRV_RV8803 is not set +CONFIG_RTC_DRV_ABB5ZES3=m +CONFIG_RTC_DRV_ABX80X=m +CONFIG_RTC_DRV_DS1307=m +CONFIG_RTC_DRV_DS1307_HWMON=y +CONFIG_RTC_DRV_DS1307_CENTURY=y +CONFIG_RTC_DRV_DS1374=m +CONFIG_RTC_DRV_DS1374_WDT=y +CONFIG_RTC_DRV_DS1672=m +CONFIG_RTC_DRV_HYM8563=m +CONFIG_RTC_DRV_MAX6900=m +CONFIG_RTC_DRV_RS5C372=m +CONFIG_RTC_DRV_ISL1208=m +CONFIG_RTC_DRV_ISL12022=m +CONFIG_RTC_DRV_X1205=m +CONFIG_RTC_DRV_PCF8523=m +CONFIG_RTC_DRV_PCF85063=m +CONFIG_RTC_DRV_PCF8563=m +CONFIG_RTC_DRV_PCF8583=m +CONFIG_RTC_DRV_M41T80=m +CONFIG_RTC_DRV_M41T80_WDT=y +CONFIG_RTC_DRV_BQ32K=m +CONFIG_RTC_DRV_S35390A=m +CONFIG_RTC_DRV_FM3130=m +CONFIG_RTC_DRV_RX8010=m +CONFIG_RTC_DRV_RX8581=m +CONFIG_RTC_DRV_RX8025=m +CONFIG_RTC_DRV_EM3027=m +CONFIG_RTC_DRV_RV8803=m # # SPI RTC drivers # +# CONFIG_RTC_DRV_M41T93 is not set +# CONFIG_RTC_DRV_M41T94 is not set +# CONFIG_RTC_DRV_DS1302 is not set +# CONFIG_RTC_DRV_DS1305 is not set +# CONFIG_RTC_DRV_DS1343 is not set +# CONFIG_RTC_DRV_DS1347 is not set +# CONFIG_RTC_DRV_DS1390 is not set +# CONFIG_RTC_DRV_MAX6916 is not set +# CONFIG_RTC_DRV_R9701 is not set +# CONFIG_RTC_DRV_RX4581 is not set +# CONFIG_RTC_DRV_RX6110 is not set +# CONFIG_RTC_DRV_RS5C348 is not set +# CONFIG_RTC_DRV_MAX6902 is not set +# CONFIG_RTC_DRV_PCF2123 is not set +# CONFIG_RTC_DRV_MCP795 is not set CONFIG_RTC_I2C_AND_SPI=m # # SPI and I2C RTC drivers # -# CONFIG_RTC_DRV_DS3232 is not set -# CONFIG_RTC_DRV_PCF2127 is not set -# CONFIG_RTC_DRV_RV3029C2 is not set +CONFIG_RTC_DRV_DS3232=m +CONFIG_RTC_DRV_DS3232_HWMON=y +CONFIG_RTC_DRV_PCF2127=m +CONFIG_RTC_DRV_RV3029C2=m +CONFIG_RTC_DRV_RV3029_HWMON=y # # Platform RTC drivers # CONFIG_RTC_DRV_CMOS=y -# CONFIG_RTC_DRV_DS1286 is not set -# CONFIG_RTC_DRV_DS1511 is not set -# CONFIG_RTC_DRV_DS1553 is not set -# CONFIG_RTC_DRV_DS1685_FAMILY is not set -# CONFIG_RTC_DRV_DS1742 is not set -# CONFIG_RTC_DRV_DS2404 is not set -# CONFIG_RTC_DRV_STK17TA8 is not set -# CONFIG_RTC_DRV_M48T86 is not set -# CONFIG_RTC_DRV_M48T35 is not set -# CONFIG_RTC_DRV_M48T59 is not set -# CONFIG_RTC_DRV_MSM6242 is not set -# CONFIG_RTC_DRV_BQ4802 is not set -# CONFIG_RTC_DRV_RP5C01 is not set -# CONFIG_RTC_DRV_V3020 is not set -# CONFIG_RTC_DRV_ZYNQMP is not set +CONFIG_RTC_DRV_DS1286=m +CONFIG_RTC_DRV_DS1511=m +CONFIG_RTC_DRV_DS1553=m +CONFIG_RTC_DRV_DS1685_FAMILY=m +CONFIG_RTC_DRV_DS1685=y +# CONFIG_RTC_DRV_DS1689 is not set +# CONFIG_RTC_DRV_DS17285 is not set +# CONFIG_RTC_DRV_DS17485 is not set +# CONFIG_RTC_DRV_DS17885 is not set +# CONFIG_RTC_DS1685_PROC_REGS is not set +# CONFIG_RTC_DS1685_SYSFS_REGS is not set +CONFIG_RTC_DRV_DS1742=m +CONFIG_RTC_DRV_DS2404=m +CONFIG_RTC_DRV_STK17TA8=m +CONFIG_RTC_DRV_M48T86=m +CONFIG_RTC_DRV_M48T35=m +CONFIG_RTC_DRV_M48T59=m +CONFIG_RTC_DRV_MSM6242=m +CONFIG_RTC_DRV_BQ4802=m +CONFIG_RTC_DRV_RP5C01=m +CONFIG_RTC_DRV_V3020=m +CONFIG_RTC_DRV_ZYNQMP=m # # on-CPU RTC drivers # -# CONFIG_RTC_DRV_FTRTC010 is not set -# CONFIG_RTC_DRV_SNVS is not set -# CONFIG_RTC_DRV_R7301 is not set +CONFIG_RTC_DRV_FTRTC010=m +CONFIG_RTC_DRV_SNVS=m +CONFIG_RTC_DRV_R7301=m # # HID Sensor RTC drivers # # CONFIG_RTC_DRV_HID_SENSOR_TIME is not set -# CONFIG_DMADEVICES is not set +CONFIG_DMADEVICES=y +# CONFIG_DMADEVICES_DEBUG is not set + +# +# DMA Devices +# +CONFIG_DMA_ENGINE=y +CONFIG_DMA_VIRTUAL_CHANNELS=y +CONFIG_DMA_ACPI=y +CONFIG_DMA_OF=y +# CONFIG_ALTERA_MSGDMA is not set +# CONFIG_FSL_EDMA is not set +CONFIG_INTEL_IDMA64=m +CONFIG_INTEL_IOATDMA=m +CONFIG_INTEL_MIC_X100_DMA=m +# CONFIG_QCOM_HIDMA_MGMT is not set +# CONFIG_QCOM_HIDMA is not set +CONFIG_DW_DMAC_CORE=y +# CONFIG_DW_DMAC is not set +CONFIG_DW_DMAC_PCI=y +CONFIG_HSU_DMA=y + +# +# DMA Clients +# +# CONFIG_ASYNC_TX_DMA is not set +# CONFIG_DMATEST is not set +CONFIG_DMA_ENGINE_RAID=y # # DMABUF options # CONFIG_SYNC_FILE=y +CONFIG_DCA=m # CONFIG_AUXDISPLAY is not set # CONFIG_PANEL is not set CONFIG_UIO=y @@ -5025,54 +5644,73 @@ CONFIG_XEN_SYMS=y CONFIG_XEN_HAVE_VPMU=y # CONFIG_STAGING is not set CONFIG_X86_PLATFORM_DEVICES=y -# CONFIG_ACER_WMI is not set -# CONFIG_ACERHDF is not set -# CONFIG_ALIENWARE_WMI is not set -# CONFIG_ASUS_LAPTOP is not set -# CONFIG_DELL_LAPTOP is not set -# CONFIG_DELL_WMI is not set -# CONFIG_DELL_WMI_AIO is not set -# CONFIG_DELL_WMI_LED is not set -# CONFIG_DELL_SMO8800 is not set -# CONFIG_FUJITSU_LAPTOP is not set -# CONFIG_FUJITSU_TABLET is not set -# CONFIG_HP_ACCEL is not set -# CONFIG_HP_WIRELESS is not set -# CONFIG_HP_WMI is not set -# CONFIG_PANASONIC_LAPTOP is not set -# CONFIG_THINKPAD_ACPI is not set -# CONFIG_SENSORS_HDAPS is not set -# CONFIG_INTEL_MENLOW is not set -# CONFIG_EEEPC_LAPTOP is not set -# CONFIG_ASUS_WMI is not set -# CONFIG_ASUS_WIRELESS is not set +CONFIG_ACER_WMI=m +CONFIG_ACERHDF=m +CONFIG_ALIENWARE_WMI=m +CONFIG_ASUS_LAPTOP=m +CONFIG_DELL_SMBIOS=m +CONFIG_DELL_LAPTOP=m +CONFIG_DELL_WMI=m +CONFIG_DELL_WMI_AIO=m +CONFIG_DELL_WMI_LED=m +CONFIG_DELL_SMO8800=m +CONFIG_DELL_RBTN=m +CONFIG_FUJITSU_LAPTOP=m +CONFIG_FUJITSU_TABLET=m +CONFIG_AMILO_RFKILL=m +CONFIG_HP_ACCEL=m +CONFIG_HP_WIRELESS=m +CONFIG_HP_WMI=m +CONFIG_MSI_LAPTOP=m +CONFIG_PANASONIC_LAPTOP=m +CONFIG_COMPAL_LAPTOP=m +CONFIG_SONY_LAPTOP=m +# CONFIG_SONYPI_COMPAT is not set +CONFIG_IDEAPAD_LAPTOP=m +CONFIG_SURFACE3_WMI=m +CONFIG_THINKPAD_ACPI=m +CONFIG_THINKPAD_ACPI_ALSA_SUPPORT=y +# CONFIG_THINKPAD_ACPI_DEBUGFACILITIES is not set +# CONFIG_THINKPAD_ACPI_DEBUG is not set +# CONFIG_THINKPAD_ACPI_UNSAFE_LEDS is not set +CONFIG_THINKPAD_ACPI_VIDEO=y +CONFIG_THINKPAD_ACPI_HOTKEY_POLL=y +CONFIG_SENSORS_HDAPS=m +CONFIG_INTEL_MENLOW=m +CONFIG_EEEPC_LAPTOP=m +CONFIG_ASUS_WMI=m +CONFIG_ASUS_NB_WMI=m +CONFIG_EEEPC_WMI=m +CONFIG_ASUS_WIRELESS=m CONFIG_ACPI_WMI=m CONFIG_WMI_BMOF=m -# CONFIG_MSI_WMI is not set -# CONFIG_PEAQ_WMI is not set -# CONFIG_TOPSTAR_LAPTOP is not set -# CONFIG_TOSHIBA_BT_RFKILL is not set -# CONFIG_TOSHIBA_HAPS is not set -# CONFIG_TOSHIBA_WMI is not set -# CONFIG_ACPI_CMPC is not set -# CONFIG_INTEL_CHT_INT33FE is not set -# CONFIG_INTEL_HID_EVENT is not set -# CONFIG_INTEL_VBTN is not set -# CONFIG_INTEL_IPS is not set +CONFIG_MSI_WMI=m +CONFIG_PEAQ_WMI=m +CONFIG_TOPSTAR_LAPTOP=m +CONFIG_TOSHIBA_BT_RFKILL=m +CONFIG_TOSHIBA_HAPS=m +CONFIG_TOSHIBA_WMI=m +CONFIG_ACPI_CMPC=m +CONFIG_INTEL_CHT_INT33FE=m +CONFIG_INTEL_HID_EVENT=m +CONFIG_INTEL_VBTN=m +CONFIG_INTEL_IPS=m # CONFIG_INTEL_PMC_CORE is not set # CONFIG_IBM_RTL is not set -# CONFIG_SAMSUNG_LAPTOP is not set +CONFIG_SAMSUNG_LAPTOP=m CONFIG_MXM_WMI=m -# CONFIG_SAMSUNG_Q10 is not set -# CONFIG_APPLE_GMUX is not set -# CONFIG_INTEL_RST is not set -# CONFIG_INTEL_SMARTCONNECT is not set -# CONFIG_PVPANIC is not set -# CONFIG_INTEL_PMC_IPC is not set -# CONFIG_SURFACE_PRO3_BUTTON is not set -# CONFIG_INTEL_PUNIT_IPC is not set -# CONFIG_MLX_PLATFORM is not set -# CONFIG_MLX_CPLD_PLATFORM is not set +CONFIG_INTEL_OAKTRAIL=m +CONFIG_SAMSUNG_Q10=m +CONFIG_APPLE_GMUX=m +CONFIG_INTEL_RST=m +CONFIG_INTEL_SMARTCONNECT=m +CONFIG_PVPANIC=m +CONFIG_INTEL_PMC_IPC=m +CONFIG_SURFACE_PRO3_BUTTON=m +CONFIG_INTEL_PUNIT_IPC=m +CONFIG_INTEL_TELEMETRY=m +CONFIG_MLX_PLATFORM=m +CONFIG_MLX_CPLD_PLATFORM=m # CONFIG_INTEL_TURBO_MAX_3 is not set CONFIG_PMC_ATOM=y # CONFIG_CHROME_PLATFORMS is not set @@ -5216,7 +5854,7 @@ CONFIG_GENERIC_PHY=y # Performance monitor support # CONFIG_RAS=y -# CONFIG_THUNDERBOLT is not set +CONFIG_THUNDERBOLT=m # # Android @@ -5246,7 +5884,7 @@ CONFIG_NVMEM=y # CONFIG_EDD is not set CONFIG_FIRMWARE_MEMMAP=y # CONFIG_DELL_RBU is not set -# CONFIG_DCDBAS is not set +CONFIG_DCDBAS=m CONFIG_DMIID=y # CONFIG_DMI_SYSFS is not set CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y @@ -5280,10 +5918,14 @@ CONFIG_EFI_DEV_PATH_PARSER=y # CONFIG_DCACHE_WORD_ACCESS=y CONFIG_FS_IOMAP=y -# CONFIG_EXT2_FS is not set -# CONFIG_EXT3_FS is not set +CONFIG_EXT2_FS=y +CONFIG_EXT2_FS_XATTR=y +CONFIG_EXT2_FS_POSIX_ACL=y +CONFIG_EXT2_FS_SECURITY=y +CONFIG_EXT3_FS=y +CONFIG_EXT3_FS_POSIX_ACL=y +CONFIG_EXT3_FS_SECURITY=y CONFIG_EXT4_FS=y -CONFIG_EXT4_USE_FOR_EXT2=y CONFIG_EXT4_FS_POSIX_ACL=y CONFIG_EXT4_FS_SECURITY=y # CONFIG_EXT4_ENCRYPTION is not set @@ -5337,7 +5979,8 @@ CONFIG_FS_ENCRYPTION=y CONFIG_FSNOTIFY=y CONFIG_DNOTIFY=y CONFIG_INOTIFY_USER=y -# CONFIG_FANOTIFY is not set +CONFIG_FANOTIFY=y +# CONFIG_FANOTIFY_ACCESS_PERMISSIONS is not set CONFIG_QUOTA=y # CONFIG_QUOTA_NETLINK_INTERFACE is not set CONFIG_PRINT_QUOTA_WARNING=y @@ -5403,7 +6046,8 @@ CONFIG_MISC_FILESYSTEMS=y # CONFIG_ORANGEFS_FS is not set # CONFIG_ADFS_FS is not set CONFIG_AFFS_FS=m -# CONFIG_ECRYPT_FS is not set +CONFIG_ECRYPT_FS=m +# CONFIG_ECRYPT_FS_MESSAGING is not set CONFIG_HFS_FS=m CONFIG_HFSPLUS_FS=m CONFIG_HFSPLUS_FS_POSIX_ACL=y @@ -5480,7 +6124,8 @@ CONFIG_SUNRPC_GSS=m CONFIG_SUNRPC_BACKCHANNEL=y CONFIG_RPCSEC_GSS_KRB5=m # CONFIG_SUNRPC_DEBUG is not set -# CONFIG_CEPH_FS is not set +CONFIG_CEPH_FS=m +CONFIG_CEPH_FS_POSIX_ACL=y CONFIG_CIFS=m # CONFIG_CIFS_STATS is not set # CONFIG_CIFS_WEAK_PW_HASH is not set @@ -5494,6 +6139,7 @@ CONFIG_CIFS_DEBUG=y # CONFIG_NCP_FS is not set # CONFIG_CODA_FS is not set # CONFIG_AFS_FS is not set +# CONFIG_9P_FS is not set CONFIG_NLS=y CONFIG_NLS_DEFAULT="iso8859-1" CONFIG_NLS_CODEPAGE_437=m @@ -5558,68 +6204,116 @@ CONFIG_TRACE_IRQFLAGS_SUPPORT=y # CONFIG_PRINTK_TIME is not set CONFIG_CONSOLE_LOGLEVEL_DEFAULT=7 CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4 +# CONFIG_BOOT_PRINTK_DELAY is not set # # Compile-time checks and compiler options # +# CONFIG_DEBUG_INFO is not set CONFIG_ENABLE_WARN_DEPRECATED=y CONFIG_ENABLE_MUST_CHECK=y CONFIG_FRAME_WARN=2048 # CONFIG_STRIP_ASM_SYMS is not set +# CONFIG_READABLE_ASM is not set CONFIG_UNUSED_SYMBOLS=y +# CONFIG_PAGE_OWNER is not set # CONFIG_DEBUG_FS is not set # CONFIG_HEADERS_CHECK is not set # CONFIG_DEBUG_SECTION_MISMATCH is not set CONFIG_SECTION_MISMATCH_WARN_ONLY=y CONFIG_FRAME_POINTER=y # CONFIG_STACK_VALIDATION is not set +# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set CONFIG_MAGIC_SYSRQ=y CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x0 CONFIG_MAGIC_SYSRQ_SERIAL=y -# CONFIG_DEBUG_KERNEL is not set +CONFIG_DEBUG_KERNEL=y # # Memory Debugging # # CONFIG_PAGE_EXTENSION is not set +# CONFIG_DEBUG_PAGEALLOC is not set # CONFIG_PAGE_POISONING is not set # CONFIG_DEBUG_RODATA_TEST is not set +# CONFIG_DEBUG_OBJECTS is not set # CONFIG_SLUB_DEBUG_ON is not set # CONFIG_SLUB_STATS is not set CONFIG_HAVE_DEBUG_KMEMLEAK=y +# CONFIG_DEBUG_KMEMLEAK is not set +# CONFIG_DEBUG_STACK_USAGE is not set +# CONFIG_DEBUG_VM is not set CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y -CONFIG_DEBUG_MEMORY_INIT=y +# CONFIG_DEBUG_VIRTUAL is not set +# CONFIG_DEBUG_MEMORY_INIT is not set +# CONFIG_DEBUG_PER_CPU_MAPS is not set CONFIG_HAVE_DEBUG_STACKOVERFLOW=y +# CONFIG_DEBUG_STACKOVERFLOW is not set CONFIG_HAVE_ARCH_KMEMCHECK=y +# CONFIG_KMEMCHECK is not set CONFIG_HAVE_ARCH_KASAN=y # CONFIG_KASAN is not set CONFIG_ARCH_HAS_KCOV=y # CONFIG_KCOV is not set +# CONFIG_DEBUG_SHIRQ is not set # # Debug Lockups and Hangs # +# CONFIG_SOFTLOCKUP_DETECTOR is not set CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y +# CONFIG_HARDLOCKUP_DETECTOR is not set +# CONFIG_DETECT_HUNG_TASK is not set +# CONFIG_WQ_WATCHDOG is not set # CONFIG_PANIC_ON_OOPS is not set CONFIG_PANIC_ON_OOPS_VALUE=0 CONFIG_PANIC_TIMEOUT=0 +CONFIG_SCHED_DEBUG=y CONFIG_SCHED_INFO=y +# CONFIG_SCHEDSTATS is not set +# CONFIG_SCHED_STACK_END_CHECK is not set # CONFIG_DEBUG_TIMEKEEPING is not set # # Lock Debugging (spinlocks, mutexes, etc...) # +# CONFIG_DEBUG_RT_MUTEXES is not set +# CONFIG_DEBUG_SPINLOCK is not set +# CONFIG_DEBUG_MUTEXES is not set +# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set +# CONFIG_DEBUG_LOCK_ALLOC is not set +# CONFIG_PROVE_LOCKING is not set +# CONFIG_LOCK_STAT is not set +# CONFIG_DEBUG_ATOMIC_SLEEP is not set +# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set +# CONFIG_LOCK_TORTURE_TEST is not set # CONFIG_WW_MUTEX_SELFTEST is not set -# CONFIG_STACKTRACE is not set +CONFIG_STACKTRACE=y # CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set +# CONFIG_DEBUG_KOBJECT is not set CONFIG_DEBUG_BUGVERBOSE=y +# CONFIG_DEBUG_LIST is not set +# CONFIG_DEBUG_PI_LIST is not set +# CONFIG_DEBUG_SG is not set +# CONFIG_DEBUG_NOTIFIERS is not set +# CONFIG_DEBUG_CREDENTIALS is not set # # RCU Debugging # # CONFIG_PROVE_RCU is not set # CONFIG_TORTURE_TEST is not set +# CONFIG_RCU_PERF_TEST is not set +# CONFIG_RCU_TORTURE_TEST is not set CONFIG_RCU_CPU_STALL_TIMEOUT=21 +# CONFIG_RCU_TRACE is not set +# CONFIG_RCU_EQS_DEBUG is not set +# CONFIG_DEBUG_WQ_FORCE_RR_CPU is not set +# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set +# CONFIG_CPU_HOTPLUG_STATE_CONTROL is not set +# CONFIG_NOTIFIER_ERROR_INJECTION is not set +# CONFIG_FAULT_INJECTION is not set +# CONFIG_LATENCYTOP is not set CONFIG_USER_STACKTRACE_SUPPORT=y CONFIG_HAVE_FUNCTION_TRACER=y CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y @@ -5642,6 +6336,10 @@ CONFIG_TRACING_SUPPORT=y # # CONFIG_TEST_LIST_SORT is not set # CONFIG_TEST_SORT is not set +# CONFIG_BACKTRACE_SELF_TEST is not set +# CONFIG_RBTREE_TEST is not set +# CONFIG_INTERVAL_TREE_TEST is not set +# CONFIG_PERCPU_TEST is not set # CONFIG_ATOMIC64_SELFTEST is not set # CONFIG_ASYNC_RAID6_TEST is not set # CONFIG_TEST_HEXDUMP is not set @@ -5652,6 +6350,7 @@ CONFIG_TRACING_SUPPORT=y # CONFIG_TEST_UUID is not set # CONFIG_TEST_RHASHTABLE is not set # CONFIG_TEST_HASH is not set +# CONFIG_TEST_PARMAN is not set # CONFIG_TEST_LKM is not set # CONFIG_TEST_USER_COPY is not set # CONFIG_TEST_BPF is not set @@ -5664,20 +6363,24 @@ CONFIG_TRACING_SUPPORT=y # CONFIG_BUG_ON_DATA_CORRUPTION is not set # CONFIG_SAMPLES is not set CONFIG_HAVE_ARCH_KGDB=y +# CONFIG_KGDB is not set CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y # CONFIG_ARCH_WANTS_UBSAN_NO_NULL is not set # CONFIG_UBSAN is not set CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y -# CONFIG_STRICT_DEVMEM is not set +CONFIG_STRICT_DEVMEM=y +# CONFIG_IO_STRICT_DEVMEM is not set CONFIG_X86_VERBOSE_BOOTUP=y CONFIG_EARLY_PRINTK=y # CONFIG_EARLY_PRINTK_DBGP is not set # CONFIG_EARLY_PRINTK_EFI is not set # CONFIG_EARLY_PRINTK_USB_XDBC is not set CONFIG_X86_PTDUMP_CORE=y +# CONFIG_X86_PTDUMP is not set # CONFIG_EFI_PGT_DUMP is not set CONFIG_DEBUG_WX=y CONFIG_DOUBLEFAULT=y +# CONFIG_DEBUG_TLBFLUSH is not set # CONFIG_IOMMU_STRESS is not set CONFIG_HAVE_MMIOTRACE_SUPPORT=y CONFIG_IO_DELAY_TYPE_0X80=0 @@ -5689,10 +6392,15 @@ CONFIG_IO_DELAY_0X80=y # CONFIG_IO_DELAY_UDELAY is not set # CONFIG_IO_DELAY_NONE is not set CONFIG_DEFAULT_IO_DELAY_TYPE=0 +# CONFIG_CPA_DEBUG is not set # CONFIG_OPTIMIZE_INLINING is not set +# CONFIG_DEBUG_ENTRY is not set +# CONFIG_DEBUG_NMI_SELFTEST is not set +CONFIG_X86_DEBUG_FPU=y # CONFIG_PUNIT_ATOM_DEBUG is not set -CONFIG_FRAME_POINTER_UNWINDER=y -# CONFIG_ORC_UNWINDER is not set +# CONFIG_UNWINDER_ORC is not set +CONFIG_UNWINDER_FRAME_POINTER=y +# CONFIG_UNWINDER_GUESS is not set # # Security options @@ -5709,6 +6417,7 @@ CONFIG_SECURITY=y # CONFIG_SECURITY_WRITABLE_HOOKS is not set CONFIG_SECURITYFS=y CONFIG_SECURITY_NETWORK=y +CONFIG_PAGE_TABLE_ISOLATION=y # CONFIG_SECURITY_NETWORK_XFRM is not set CONFIG_SECURITY_PATH=y CONFIG_INTEL_TXT=y @@ -5759,9 +6468,10 @@ CONFIG_CRYPTO_RNG_DEFAULT=y CONFIG_CRYPTO_AKCIPHER2=y CONFIG_CRYPTO_AKCIPHER=y CONFIG_CRYPTO_KPP2=y +CONFIG_CRYPTO_KPP=m CONFIG_CRYPTO_ACOMP2=y CONFIG_CRYPTO_RSA=y -# CONFIG_CRYPTO_DH is not set +CONFIG_CRYPTO_DH=m CONFIG_CRYPTO_ECDH=m CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MANAGER2=y @@ -5772,10 +6482,13 @@ CONFIG_CRYPTO_NULL=y CONFIG_CRYPTO_NULL2=y # CONFIG_CRYPTO_PCRYPT is not set CONFIG_CRYPTO_WORKQUEUE=y -# CONFIG_CRYPTO_CRYPTD is not set +CONFIG_CRYPTO_CRYPTD=y # CONFIG_CRYPTO_MCRYPTD is not set CONFIG_CRYPTO_AUTHENC=m # CONFIG_CRYPTO_TEST is not set +CONFIG_CRYPTO_ABLK_HELPER=m +CONFIG_CRYPTO_SIMD=y +CONFIG_CRYPTO_GLUE_HELPER_X86=y CONFIG_CRYPTO_ENGINE=m # @@ -5794,7 +6507,7 @@ CONFIG_CRYPTO_CBC=y CONFIG_CRYPTO_CTR=y CONFIG_CRYPTO_CTS=y CONFIG_CRYPTO_ECB=y -# CONFIG_CRYPTO_LRW is not set +CONFIG_CRYPTO_LRW=m # CONFIG_CRYPTO_PCBC is not set CONFIG_CRYPTO_XTS=y # CONFIG_CRYPTO_KEYWRAP is not set @@ -5811,7 +6524,7 @@ CONFIG_CRYPTO_HMAC=y # Digest # CONFIG_CRYPTO_CRC32C=y -# CONFIG_CRYPTO_CRC32C_INTEL is not set +CONFIG_CRYPTO_CRC32C_INTEL=m CONFIG_CRYPTO_CRC32=y # CONFIG_CRYPTO_CRC32_PCLMUL is not set CONFIG_CRYPTO_CRCT10DIF=y @@ -5827,17 +6540,17 @@ CONFIG_CRYPTO_MICHAEL_MIC=m # CONFIG_CRYPTO_RMD256 is not set # CONFIG_CRYPTO_RMD320 is not set CONFIG_CRYPTO_SHA1=y -# CONFIG_CRYPTO_SHA1_SSSE3 is not set -# CONFIG_CRYPTO_SHA256_SSSE3 is not set -# CONFIG_CRYPTO_SHA512_SSSE3 is not set +CONFIG_CRYPTO_SHA1_SSSE3=y +CONFIG_CRYPTO_SHA256_SSSE3=y +CONFIG_CRYPTO_SHA512_SSSE3=y # CONFIG_CRYPTO_SHA1_MB is not set # CONFIG_CRYPTO_SHA256_MB is not set # CONFIG_CRYPTO_SHA512_MB is not set CONFIG_CRYPTO_SHA256=y CONFIG_CRYPTO_SHA512=y -# CONFIG_CRYPTO_SHA3 is not set -# CONFIG_CRYPTO_TGR192 is not set -# CONFIG_CRYPTO_WP512 is not set +CONFIG_CRYPTO_SHA3=m +CONFIG_CRYPTO_TGR192=m +CONFIG_CRYPTO_WP512=m # CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set # @@ -5845,12 +6558,13 @@ CONFIG_CRYPTO_SHA512=y # CONFIG_CRYPTO_AES=y # CONFIG_CRYPTO_AES_TI is not set -# CONFIG_CRYPTO_AES_X86_64 is not set -# CONFIG_CRYPTO_AES_NI_INTEL is not set +CONFIG_CRYPTO_AES_X86_64=y +CONFIG_CRYPTO_AES_NI_INTEL=y # CONFIG_CRYPTO_ANUBIS is not set CONFIG_CRYPTO_ARC4=m -# CONFIG_CRYPTO_BLOWFISH is not set -# CONFIG_CRYPTO_BLOWFISH_X86_64 is not set +CONFIG_CRYPTO_BLOWFISH=m +CONFIG_CRYPTO_BLOWFISH_COMMON=y +CONFIG_CRYPTO_BLOWFISH_X86_64=y # CONFIG_CRYPTO_CAMELLIA is not set # CONFIG_CRYPTO_CAMELLIA_X86_64 is not set # CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64 is not set @@ -5868,23 +6582,24 @@ CONFIG_CRYPTO_DES=m # CONFIG_CRYPTO_CHACHA20 is not set # CONFIG_CRYPTO_CHACHA20_X86_64 is not set # CONFIG_CRYPTO_SEED is not set -# CONFIG_CRYPTO_SERPENT is not set -# CONFIG_CRYPTO_SERPENT_SSE2_X86_64 is not set -# CONFIG_CRYPTO_SERPENT_AVX_X86_64 is not set -# CONFIG_CRYPTO_SERPENT_AVX2_X86_64 is not set +CONFIG_CRYPTO_SERPENT=y +CONFIG_CRYPTO_SERPENT_SSE2_X86_64=m +CONFIG_CRYPTO_SERPENT_AVX_X86_64=m +CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m # CONFIG_CRYPTO_TEA is not set -# CONFIG_CRYPTO_TWOFISH is not set -# CONFIG_CRYPTO_TWOFISH_X86_64 is not set -# CONFIG_CRYPTO_TWOFISH_X86_64_3WAY is not set -# CONFIG_CRYPTO_TWOFISH_AVX_X86_64 is not set +CONFIG_CRYPTO_TWOFISH=y +CONFIG_CRYPTO_TWOFISH_COMMON=y +CONFIG_CRYPTO_TWOFISH_X86_64=m +CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=m +CONFIG_CRYPTO_TWOFISH_AVX_X86_64=m # # Compression # CONFIG_CRYPTO_DEFLATE=m -# CONFIG_CRYPTO_LZO is not set +CONFIG_CRYPTO_LZO=m # CONFIG_CRYPTO_842 is not set -# CONFIG_CRYPTO_LZ4 is not set +CONFIG_CRYPTO_LZ4=m # CONFIG_CRYPTO_LZ4HC is not set # @@ -5897,23 +6612,31 @@ CONFIG_CRYPTO_DRBG_HMAC=y # CONFIG_CRYPTO_DRBG_CTR is not set CONFIG_CRYPTO_DRBG=y CONFIG_CRYPTO_JITTERENTROPY=y -# CONFIG_CRYPTO_USER_API_HASH is not set -# CONFIG_CRYPTO_USER_API_SKCIPHER is not set +CONFIG_CRYPTO_USER_API=y +CONFIG_CRYPTO_USER_API_HASH=y +CONFIG_CRYPTO_USER_API_SKCIPHER=y # CONFIG_CRYPTO_USER_API_RNG is not set # CONFIG_CRYPTO_USER_API_AEAD is not set CONFIG_CRYPTO_HASH_INFO=y CONFIG_CRYPTO_HW=y -# CONFIG_CRYPTO_DEV_PADLOCK is not set +CONFIG_CRYPTO_DEV_PADLOCK=m +CONFIG_CRYPTO_DEV_PADLOCK_AES=m +CONFIG_CRYPTO_DEV_PADLOCK_SHA=m # CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API_DESC is not set -# CONFIG_CRYPTO_DEV_CCP is not set -# CONFIG_CRYPTO_DEV_QAT_DH895xCC is not set -# CONFIG_CRYPTO_DEV_QAT_C3XXX is not set -# CONFIG_CRYPTO_DEV_QAT_C62X is not set -# CONFIG_CRYPTO_DEV_QAT_DH895xCCVF is not set -# CONFIG_CRYPTO_DEV_QAT_C3XXXVF is not set -# CONFIG_CRYPTO_DEV_QAT_C62XVF is not set -# CONFIG_CRYPTO_DEV_NITROX_CNN55XX is not set -# CONFIG_CRYPTO_DEV_CHELSIO is not set +CONFIG_CRYPTO_DEV_CCP=y +CONFIG_CRYPTO_DEV_CCP_DD=m +CONFIG_CRYPTO_DEV_SP_CCP=y +CONFIG_CRYPTO_DEV_CCP_CRYPTO=m +CONFIG_CRYPTO_DEV_QAT=m +CONFIG_CRYPTO_DEV_QAT_DH895xCC=m +CONFIG_CRYPTO_DEV_QAT_C3XXX=m +CONFIG_CRYPTO_DEV_QAT_C62X=m +CONFIG_CRYPTO_DEV_QAT_DH895xCCVF=m +CONFIG_CRYPTO_DEV_QAT_C3XXXVF=m +CONFIG_CRYPTO_DEV_QAT_C62XVF=m +CONFIG_CRYPTO_DEV_NITROX=m +CONFIG_CRYPTO_DEV_NITROX_CNN55XX=m +CONFIG_CRYPTO_DEV_CHELSIO=m CONFIG_CRYPTO_DEV_VIRTIO=m CONFIG_ASYMMETRIC_KEY_TYPE=y CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y @@ -5949,6 +6672,7 @@ CONFIG_KVM=m CONFIG_KVM_INTEL=m CONFIG_KVM_AMD=m CONFIG_VHOST_NET=m +# CONFIG_VHOST_VSOCK is not set CONFIG_VHOST=m # CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set # CONFIG_BINARY_PRINTF is not set @@ -5990,6 +6714,7 @@ CONFIG_ZLIB_INFLATE=y CONFIG_ZLIB_DEFLATE=y CONFIG_LZO_COMPRESS=y CONFIG_LZO_DECOMPRESS=y +CONFIG_LZ4_COMPRESS=m CONFIG_LZ4_DECOMPRESS=y CONFIG_ZSTD_COMPRESS=m CONFIG_ZSTD_DECOMPRESS=m @@ -6009,6 +6734,10 @@ CONFIG_DECOMPRESS_XZ=y CONFIG_DECOMPRESS_LZO=y CONFIG_DECOMPRESS_LZ4=y CONFIG_GENERIC_ALLOCATOR=y +CONFIG_TEXTSEARCH=y +CONFIG_TEXTSEARCH_KMP=m +CONFIG_TEXTSEARCH_BM=m +CONFIG_TEXTSEARCH_FSM=m CONFIG_BTREE=y CONFIG_INTERVAL_TREE=y CONFIG_RADIX_TREE_MULTIORDER=y @@ -6042,4 +6771,5 @@ CONFIG_ARCH_HAS_SG_CHAIN=y CONFIG_ARCH_HAS_PMEM_API=y CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE=y CONFIG_SBITMAP=y +CONFIG_PARMAN=m # CONFIG_STRING_SELFTEST is not set diff --git a/system/gcc/001_all_default-ssp-strong.patch b/system/gcc/001_all_default-ssp-strong.patch new file mode 100644 index 000000000..95949eb00 --- /dev/null +++ b/system/gcc/001_all_default-ssp-strong.patch @@ -0,0 +1,215 @@ +# DP: Turn on -fstack-protector by default for C, C++, ObjC, ObjC++. +# DP: Build libgcc using -fno-stack-protector. + +--- + gcc/Makefile.in | 2 ++ + gcc/cp/lang-specs.h | 6 +++--- + gcc/doc/invoke.texi | 4 ++++ + gcc/gcc.c | 18 ++++++++++++++---- + gcc/objc/lang-specs.h | 10 +++++----- + gcc/objcp/lang-specs.h | 8 ++++---- + 6 files changed, 32 insertions(+), 16 deletions(-) + +Index: b/gcc/gcc.c +=================================================================== +--- a/gcc/gcc.c ++++ b/gcc/gcc.c +@@ -858,6 +858,14 @@ proper position among the other output f + #define LINK_GCC_C_SEQUENCE_SPEC "%G %L %G" + #endif + ++#ifndef SSP_DEFAULT_SPEC ++#ifdef TARGET_LIBC_PROVIDES_SSP ++#define SSP_DEFAULT_SPEC "%{!fno-stack-protector:%{!fstack-protector-all:%{!ffreestanding:%{!nostdlib:%{!fstack-protector:-fstack-protector-strong}}}}}" ++#else ++#define SSP_DEFAULT_SPEC "" ++#endif ++#endif ++ + #ifndef LINK_SSP_SPEC + #ifdef TARGET_LIBC_PROVIDES_SSP + #define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \ +@@ -1057,6 +1065,7 @@ static const char *cc1_spec = CC1_SPEC; + static const char *cc1plus_spec = CC1PLUS_SPEC; + static const char *link_gcc_c_sequence_spec = LINK_GCC_C_SEQUENCE_SPEC; + static const char *link_ssp_spec = LINK_SSP_SPEC; ++static const char *ssp_default_spec = SSP_DEFAULT_SPEC; + static const char *asm_spec = ASM_SPEC; + static const char *asm_final_spec = ASM_FINAL_SPEC; + static const char *link_spec = LINK_SPEC; +@@ -1112,7 +1121,7 @@ static const char *cpp_unique_options = + static const char *cpp_options = + "%(cpp_unique_options) %1 %{m*} %{std*&ansi&trigraphs} %{W*&pedantic*} %{w}\ + %{f*} %{g*:%{!g0:%{g*} %{!fno-working-directory:-fworking-directory}}} %{O*}\ +- %{undef} %{save-temps*:-fpch-preprocess}"; ++ %{undef} %{save-temps*:-fpch-preprocess} %(ssp_default)"; + + /* This contains cpp options which are not passed when the preprocessor + output will be used by another program. */ +@@ -1301,9 +1310,9 @@ static const struct compiler default_com + %{save-temps*|traditional-cpp|no-integrated-cpp:%(trad_capable_cpp) \ + %(cpp_options) -o %{save-temps*:%b.i} %{!save-temps*:%g.i} \n\ + cc1 -fpreprocessed %{save-temps*:%b.i} %{!save-temps*:%g.i} \ +- %(cc1_options)}\ ++ %(cc1_options) %(ssp_default)}\ + %{!save-temps*:%{!traditional-cpp:%{!no-integrated-cpp:\ +- cc1 %(cpp_unique_options) %(cc1_options)}}}\ ++ cc1 %(cpp_unique_options) %(cc1_options) %(ssp_default)}}}\ + %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 1}, + {"-", + "%{!E:%e-E or -x required when input is from standard input}\ +@@ -1328,7 +1337,7 @@ static const struct compiler default_com + %W{o*:--output-pch=%*}}%V}}}}}}}", 0, 0, 0}, + {".i", "@cpp-output", 0, 0, 0}, + {"@cpp-output", +- "%{!M:%{!MM:%{!E:cc1 -fpreprocessed %i %(cc1_options) %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, ++ "%{!M:%{!MM:%{!E:cc1 -fpreprocessed %i %(cc1_options) %(ssp_default) %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, + {".s", "@assembler", 0, 0, 0}, + {"@assembler", + "%{!M:%{!MM:%{!E:%{!S:as %(asm_debug) %(asm_options) %i %A }}}}", 0, 0, 0}, +@@ -1560,6 +1569,7 @@ static struct spec_list static_specs[] = + INIT_STATIC_SPEC ("cc1plus", &cc1plus_spec), + INIT_STATIC_SPEC ("link_gcc_c_sequence", &link_gcc_c_sequence_spec), + INIT_STATIC_SPEC ("link_ssp", &link_ssp_spec), ++ INIT_STATIC_SPEC ("ssp_default", &ssp_default_spec), + INIT_STATIC_SPEC ("endfile", &endfile_spec), + INIT_STATIC_SPEC ("link", &link_spec), + INIT_STATIC_SPEC ("lib", &lib_spec), +Index: b/gcc/cp/lang-specs.h +=================================================================== +--- a/gcc/cp/lang-specs.h ++++ b/gcc/cp/lang-specs.h +@@ -46,7 +46,7 @@ along with GCC; see the file COPYING3. + %(cpp_options) %2 -o %{save-temps*:%b.ii} %{!save-temps*:%g.ii} \n}\ + cc1plus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.ii} %{!save-temps*:%g.ii}}\ + %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\ +- %(cc1_options) %2\ ++ %(cc1_options) %(ssp_default) %2\ + %{!fsyntax-only:-o %g.s \ + %{!fdump-ada-spec*:%{!o*:--output-pch=%i.gch}\ + %W{o*:--output-pch=%*}}%V}}}}", +@@ -58,11 +58,11 @@ along with GCC; see the file COPYING3. + %(cpp_options) %2 -o %{save-temps*:%b.ii} %{!save-temps*:%g.ii} \n}\ + cc1plus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.ii} %{!save-temps*:%g.ii}}\ + %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\ +- %(cc1_options) %2\ ++ %(cc1_options) %(ssp_default) %2\ + %{!fsyntax-only:%(invoke_as)}}}}", + CPLUSPLUS_CPP_SPEC, 0, 0}, + {".ii", "@c++-cpp-output", 0, 0, 0}, + {"@c++-cpp-output", + "%{!M:%{!MM:%{!E:\ +- cc1plus -fpreprocessed %i %(cc1_options) %2\ ++ cc1plus -fpreprocessed %i %(cc1_options) %(ssp_default) %2\ + %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, +Index: b/gcc/params.def +=================================================================== +--- a/gcc/params.def ++++ b/gcc/params.def +@@ -673,7 +673,7 @@ DEFPARAM (PARAM_INTEGER_SHARE_LIMIT, + DEFPARAM (PARAM_SSP_BUFFER_SIZE, + "ssp-buffer-size", + "The lower bound for a buffer to be considered for stack smashing protection.", +- 8, 1, 0) ++ 4, 1, 0) + + DEFPARAM (PARAM_MIN_SIZE_FOR_STACK_SHARING, + "min-size-for-stack-sharing", +Index: b/gcc/objc/lang-specs.h +=================================================================== +--- a/gcc/objc/lang-specs.h ++++ b/gcc/objc/lang-specs.h +@@ -29,9 +29,9 @@ along with GCC; see the file COPYING3. + %{traditional|traditional-cpp:\ + %eGNU Objective C no longer supports traditional compilation}\ + %{save-temps*|no-integrated-cpp:cc1obj -E %(cpp_options) -o %{save-temps*:%b.mi} %{!save-temps*:%g.mi} \n\ +- cc1obj -fpreprocessed %{save-temps*:%b.mi} %{!save-temps*:%g.mi} %(cc1_options) %{print-objc-runtime-info} %{gen-decls}}\ ++ cc1obj -fpreprocessed %{save-temps*:%b.mi} %{!save-temps*:%g.mi} %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}}\ + %{!save-temps*:%{!no-integrated-cpp:\ +- cc1obj %(cpp_unique_options) %(cc1_options) %{print-objc-runtime-info} %{gen-decls}}}\ ++ cc1obj %(cpp_unique_options) %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}}}\ + %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, + {"@objective-c-header", + "%{E|M|MM:cc1obj -E %{traditional|traditional-cpp:-traditional-cpp}\ +@@ -40,18 +40,18 @@ along with GCC; see the file COPYING3. + %{traditional|traditional-cpp:\ + %eGNU Objective C no longer supports traditional compilation}\ + %{save-temps*|no-integrated-cpp:cc1obj -E %(cpp_options) -o %{save-temps*:%b.mi} %{!save-temps*:%g.mi} \n\ +- cc1obj -fpreprocessed %b.mi %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\ ++ cc1obj -fpreprocessed %b.mi %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}\ + -o %g.s %{!o*:--output-pch=%i.gch}\ + %W{o*:--output-pch=%*}%V}\ + %{!save-temps*:%{!no-integrated-cpp:\ +- cc1obj %(cpp_unique_options) %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\ ++ cc1obj %(cpp_unique_options) %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}\ + -o %g.s %{!o*:--output-pch=%i.gch}\ + %W{o*:--output-pch=%*}%V}}}}}", 0, 0, 0}, + {".mi", "@objective-c-cpp-output", 0, 0, 0}, + {"@objective-c-cpp-output", +- "%{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\ ++ "%{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}\ + %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, + {"@objc-cpp-output", + "%nobjc-cpp-output is deprecated; please use objective-c-cpp-output instead\n\ +- %{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\ ++ %{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}\ + %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, +Index: b/gcc/objcp/lang-specs.h +=================================================================== +--- a/gcc/objcp/lang-specs.h ++++ b/gcc/objcp/lang-specs.h +@@ -36,7 +36,7 @@ along with GCC; see the file COPYING3. + %(cpp_options) %2 -o %{save-temps*:%b.mii} %{!save-temps*:%g.mii} \n}\ + cc1objplus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.mii} %{!save-temps*:%g.mii}}\ + %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\ +- %(cc1_options) %2\ ++ %(cc1_options) %(ssp_default) %2\ + -o %g.s %{!o*:--output-pch=%i.gch} %W{o*:--output-pch=%*}%V}}}", + CPLUSPLUS_CPP_SPEC, 0, 0}, + {"@objective-c++", +@@ -46,16 +46,16 @@ along with GCC; see the file COPYING3. + %(cpp_options) %2 -o %{save-temps*:%b.mii} %{!save-temps*:%g.mii} \n}\ + cc1objplus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.mii} %{!save-temps*:%g.mii}}\ + %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\ +- %(cc1_options) %2\ ++ %(cc1_options) %(ssp_default) %2\ + %{!fsyntax-only:%(invoke_as)}}}}", + CPLUSPLUS_CPP_SPEC, 0, 0}, + {".mii", "@objective-c++-cpp-output", 0, 0, 0}, + {"@objective-c++-cpp-output", + "%{!M:%{!MM:%{!E:\ +- cc1objplus -fpreprocessed %i %(cc1_options) %2\ ++ cc1objplus -fpreprocessed %i %(cc1_options) %(ssp_default) %2\ + %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, + {"@objc++-cpp-output", + "%nobjc++-cpp-output is deprecated; please use objective-c++-cpp-output instead\n\ + %{!M:%{!MM:%{!E:\ +- cc1objplus -fpreprocessed %i %(cc1_options) %2\ ++ cc1objplus -fpreprocessed %i %(cc1_options) %(ssp_default) %2\ + %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, +Index: b/gcc/doc/invoke.texi +=================================================================== +--- a/gcc/doc/invoke.texi ++++ b/gcc/doc/invoke.texi +@@ -9247,6 +9247,9 @@ + The minimum size of variables taking part in stack slot sharing when not + optimizing. The default value is 32. + ++The Alpine Linux default is "4", to increase ++the number of functions protected by the stack protector. ++ + @item max-jump-thread-duplication-stmts + Maximum number of statements allowed in a block that needs to be + duplicated when threading jumps. +@@ -10185,6 +10188,11 @@ + Like @option{-fstack-protector} but includes additional functions to + be protected --- those that have local array definitions, or have + references to local frame addresses. ++ ++NOTE: In Alpine Linux, ++@option{-fstack-protector-strong} is enabled by default for C, ++C++, ObjC, ObjC++, if none of @option{-fno-stack-protector}, ++@option{-nostdlib}, nor @option{-ffreestanding} are found. + + @item -fstack-protector-explicit + @opindex fstack-protector-explicit diff --git a/system/gcc/002_all_default-relro.patch b/system/gcc/002_all_default-relro.patch new file mode 100644 index 000000000..c461017dc --- /dev/null +++ b/system/gcc/002_all_default-relro.patch @@ -0,0 +1,33 @@ +# Turn on -Wl,-z,relro,-z,now by default. + +--- + gcc/doc/invoke.texi | 3 +++ + gcc/gcc.c | 1 + + 2 files changed, 4 insertions(+), 0 deletions(-) + +Index: b/gcc/doc/invoke.texi +=================================================================== +--- a/gcc/doc/invoke.texi ++++ b/gcc/doc/invoke.texi +@@ -11424,6 +11424,9 @@ For example, @option{-Wl,-Map,output.map + linker. When using the GNU linker, you can also get the same effect with + @option{-Wl,-Map=output.map}. + ++NOTE: In Alpine Linux, for LDFLAGS, the option ++@option{-Wl,-z,relro,now} is used. To disable, use @option{-Wl,-z,norelro}. ++ + @item -u @var{symbol} + @opindex u + Pretend the symbol @var{symbol} is undefined, to force linking of +Index: b/gcc/gcc.c +=================================================================== +--- a/gcc/gcc.c ++++ b/gcc/gcc.c +@@ -890,6 +890,7 @@ proper position among the other output f + "%{flto|flto=*:%<fcompare-debug*} \ + %{flto} %{fno-lto} %{flto=*} %l " LINK_PIE_SPEC \ + "%{fuse-ld=*:-fuse-ld=%*} " LINK_COMPRESS_DEBUG_SPEC \ ++ "-z relro -z now " \ + "%X %{o*} %{e*} %{N} %{n} %{r}\ + %{s} %{t} %{u*} %{z} %{Z} %{!nostdlib:%{!nostartfiles:%S}} " VTABLE_VERIFICATION_SPEC " \ + %{static:} %{L*} %(mfwrap) %(link_libgcc) " SANITIZER_EARLY_SPEC " %o\ diff --git a/system/gcc/003_all_default-fortify-source.patch b/system/gcc/003_all_default-fortify-source.patch new file mode 100644 index 000000000..6ca803343 --- /dev/null +++ b/system/gcc/003_all_default-fortify-source.patch @@ -0,0 +1,40 @@ +# DP: Turn on -D_FORTIFY_SOURCE=2 by default for C, C++, ObjC, ObjC++, +# DP: if the optimization level is > 0 + +--- + gcc/doc/invoke.texi | 6 ++++++ + gcc/c-family/c-cppbuiltin.c | 3 + + 2 files changed, 9 insertions(+), 0 deletions(-) + +Index: b/gcc/doc/invoke.texi +=================================================================== +--- a/gcc/doc/invoke.texi ++++ b/gcc/doc/invoke.texi +@@ -7840,6 +7840,12 @@ also turns on the following optimization + Please note the warning under @option{-fgcse} about + invoking @option{-O2} on programs that use computed gotos. + ++NOTE: In Alpine Linux, @option{-D_FORTIFY_SOURCE=2} is ++set by default, and is activated when @option{-O} is set to 2 or higher. ++This enables additional compile-time and run-time checks for several libc ++functions. To disable, specify either @option{-U_FORTIFY_SOURCE} or ++@option{-D_FORTIFY_SOURCE=0}. ++ + @item -O3 + @opindex O3 + Optimize yet more. @option{-O3} turns on all optimizations specified +Index: b/gcc/c-family/c-cppbuiltin.c +=================================================================== +--- a/gcc/c-family/c-cppbuiltin.c ++++ b/gcc/c-family/c-cppbuiltin.c +@@ -1176,6 +1176,10 @@ c_cpp_builtins (cpp_reader *pfile) + builtin_define_with_value ("__REGISTER_PREFIX__", REGISTER_PREFIX, 0); + builtin_define_with_value ("__USER_LABEL_PREFIX__", user_label_prefix, 0); + ++ /* Fortify Source enabled by default for optimization levels > 0 */ ++ if (optimize) ++ builtin_define_with_int_value ("_FORTIFY_SOURCE", 2); ++ + /* Misc. */ + if (flag_gnu89_inline) + cpp_define (pfile, "__GNUC_GNU_INLINE__"); diff --git a/system/gcc/005_all_default-as-needed.patch b/system/gcc/005_all_default-as-needed.patch new file mode 100644 index 000000000..ee4f7962a --- /dev/null +++ b/system/gcc/005_all_default-as-needed.patch @@ -0,0 +1,241 @@ +# DP: On linux targets pass --as-needed by default to the linker, but always +# DP: link the sanitizer libraries with --no-as-needed. + +--- a/gcc/gcc.c ++++ b/gcc/gcc.c +@@ -568,8 +568,11 @@ proper position among the other output f + #ifdef LIBTSAN_EARLY_SPEC + #define LIBTSAN_SPEC STATIC_LIBTSAN_LIBS + #elif defined(HAVE_LD_STATIC_DYNAMIC) +-#define LIBTSAN_SPEC "%{static-libtsan:" LD_STATIC_OPTION \ +- "} -ltsan %{static-libtsan:" LD_DYNAMIC_OPTION "}" \ ++#define LIBTSAN_SPEC "%{static-libtsan:" LD_STATIC_OPTION "}" \ ++ " %{!static-libtsan:%{!fuse-ld=gold:--push-state }--no-as-needed}" \ ++ " -ltsan " \ ++ " %{static-libtsan:" LD_DYNAMIC_OPTION "}" \ ++ " %{!static-libtsan:%{fuse-ld=gold:--as-needed;:--pop-state}}" \ + STATIC_LIBTSAN_LIBS + #else + #define LIBTSAN_SPEC "-ltsan" STATIC_LIBTSAN_LIBS +--- a/gcc/config/gnu-user.h ++++ b/gcc/config/gnu-user.h +@@ -124,13 +124,13 @@ + #define LIBASAN_EARLY_SPEC "%{!shared:libasan_preinit%O%s} " \ + "%{static-libasan:%{!shared:" \ + LD_STATIC_OPTION " --whole-archive -lasan --no-whole-archive " \ +- LD_DYNAMIC_OPTION "}}%{!static-libasan:-lasan}" ++ LD_DYNAMIC_OPTION "}}%{!static-libasan:%{!fuse-ld=gold:--push-state} --no-as-needed -lasan %{fuse-ld=gold:--as-needed;:--pop-state}}" + #undef LIBTSAN_EARLY_SPEC + #define LIBTSAN_EARLY_SPEC "%{static-libtsan:%{!shared:" \ + LD_STATIC_OPTION " --whole-archive -ltsan --no-whole-archive " \ +- LD_DYNAMIC_OPTION "}}%{!static-libtsan:-ltsan}" ++ LD_DYNAMIC_OPTION "}}%{!static-libtsan:%{!fuse-ld=gold:--push-state} --no-as-needed -ltsan %{fuse-ld=gold:--as-needed;:--pop-state}}" + #undef LIBLSAN_EARLY_SPEC + #define LIBLSAN_EARLY_SPEC "%{static-liblsan:%{!shared:" \ + LD_STATIC_OPTION " --whole-archive -llsan --no-whole-archive " \ +- LD_DYNAMIC_OPTION "}}%{!static-liblsan:-llsan}" ++ LD_DYNAMIC_OPTION "}}%{!static-liblsan:%{!fuse-ld=gold:--push-state} --no-as-needed -llsan %{fuse-ld=gold:--as-needed;:--pop-state}}" + #endif +Index: b/gcc/config/aarch64/aarch64-linux.h +=================================================================== +--- a/gcc/config/aarch64/aarch64-linux.h ++++ b/gcc/config/aarch64/aarch64-linux.h +@@ -36,5 +36,6 @@ + + #define LINUX_TARGET_LINK_SPEC "%{h*} \ ++ --as-needed \ + %{static:-Bstatic} \ + %{shared:-shared} \ + %{symbolic:-Bsymbolic} \ +Index: b/gcc/config/ia64/linux.h +=================================================================== +--- a/gcc/config/ia64/linux.h ++++ b/gcc/config/ia64/linux.h +@@ -58,7 +58,7 @@ do { \ + #define GLIBC_DYNAMIC_LINKER "/lib/ld-linux-ia64.so.2" + + #undef LINK_SPEC +-#define LINK_SPEC "\ ++#define LINK_SPEC " --as-needed \ + %{shared:-shared} \ + %{!shared: \ + %{!static: \ +Index: b/gcc/config/sparc/linux.h +=================================================================== +--- a/gcc/config/sparc/linux.h ++++ b/gcc/config/sparc/linux.h +@@ -86,7 +86,7 @@ extern const char *host_detect_local_cpu + #define GLIBC_DYNAMIC_LINKER "/lib/ld-linux.so.2" + + #undef LINK_SPEC +-#define LINK_SPEC "-m elf32_sparc %{shared:-shared} \ ++#define LINK_SPEC "-m elf32_sparc --as-needed %{shared:-shared} \ + %{!mno-relax:%{!r:-relax}} \ + %{!shared: \ + %{!static: \ +Index: b/gcc/config/s390/linux.h +=================================================================== +--- a/gcc/config/s390/linux.h ++++ b/gcc/config/s390/linux.h +@@ -65,7 +65,7 @@ along with GCC; see the file COPYING3. + + #undef LINK_SPEC + #define LINK_SPEC \ +- "%{m31:-m elf_s390}%{m64:-m elf64_s390} \ ++ "%{m31:-m elf_s390}%{m64:-m elf64_s390} --as-needed \ + %{shared:-shared} \ + %{!shared: \ + %{static:-static} \ +Index: b/gcc/config/rs6000/linux64.h +=================================================================== +--- a/gcc/config/rs6000/linux64.h ++++ b/gcc/config/rs6000/linux64.h +@@ -466,12 +466,12 @@ extern int dot_symbols; + " -m elf64ppc") + #endif + +-#define LINK_OS_LINUX_SPEC32 LINK_OS_LINUX_EMUL32 " %{!shared: %{!static: \ ++#define LINK_OS_LINUX_SPEC32 LINK_OS_LINUX_EMUL32 " --as-needed %{!shared: %{!static: \ + %{rdynamic:-export-dynamic} \ + -dynamic-linker " GNU_USER_DYNAMIC_LINKER32 "}} \ + %(link_os_extra_spec32)" + +-#define LINK_OS_LINUX_SPEC64 LINK_OS_LINUX_EMUL64 " %{!shared: %{!static: \ ++#define LINK_OS_LINUX_SPEC64 LINK_OS_LINUX_EMUL64 " --as-needed %{!shared: %{!static: \ + %{rdynamic:-export-dynamic} \ + -dynamic-linker " GNU_USER_DYNAMIC_LINKER64 "}} \ + %(link_os_extra_spec64)" +Index: b/gcc/config/rs6000/sysv4.h +=================================================================== +--- a/gcc/config/rs6000/sysv4.h ++++ b/gcc/config/rs6000/sysv4.h +@@ -784,7 +784,7 @@ ENDIAN_SELECT(" -mbig", " -mlittle", DEF + CHOOSE_DYNAMIC_LINKER (GLIBC_DYNAMIC_LINKER, UCLIBC_DYNAMIC_LINKER, \ + MUSL_DYNAMIC_LINKER) + +-#define LINK_OS_LINUX_SPEC "-m elf32ppclinux %{!shared: %{!static: \ ++#define LINK_OS_LINUX_SPEC "-m elf32ppclinux --as-needed %{!shared: %{!static: \ + %{rdynamic:-export-dynamic} \ + -dynamic-linker " GNU_USER_DYNAMIC_LINKER "}}" + +Index: b/gcc/config/i386/gnu-user64.h +=================================================================== +--- a/gcc/config/i386/gnu-user64.h ++++ b/gcc/config/i386/gnu-user64.h +@@ -57,5 +57,6 @@ see the files COPYING3 and COPYING.RUNTI + %{" SPEC_32 ":-m " GNU_USER_LINK_EMULATION32 "} \ + %{" SPEC_X32 ":-m " GNU_USER_LINK_EMULATIONX32 "} \ ++ --as-needed \ + %{shared:-shared} \ + %{!shared: \ + %{!static: \ +Index: b/gcc/config/i386/gnu-user.h +=================================================================== +--- a/gcc/config/i386/gnu-user.h ++++ b/gcc/config/i386/gnu-user.h +@@ -74,7 +74,7 @@ along with GCC; see the file COPYING3. + { "link_emulation", GNU_USER_LINK_EMULATION },\ + { "dynamic_linker", GNU_USER_DYNAMIC_LINKER } + +-#define GNU_USER_TARGET_LINK_SPEC "-m %(link_emulation) %{shared:-shared} \ ++#define GNU_USER_TARGET_LINK_SPEC "-m %(link_emulation) --as-needed %{shared:-shared} \ + %{!shared: \ + %{!static: \ + %{rdynamic:-export-dynamic} \ +Index: b/gcc/config/alpha/linux-elf.h +=================================================================== +--- a/gcc/config/alpha/linux-elf.h ++++ b/gcc/config/alpha/linux-elf.h +@@ -37,7 +37,7 @@ along with GCC; see the file COPYING3. + + #define ELF_DYNAMIC_LINKER GNU_USER_DYNAMIC_LINKER + +-#define LINK_SPEC "-m elf64alpha %{G*} %{relax:-relax} \ ++#define LINK_SPEC "-m elf64alpha --as-needed %{G*} %{relax:-relax} \ + %{O*:-O3} %{!O*:-O1} \ + %{shared:-shared} \ + %{!shared: \ +Index: b/gcc/config/arm/linux-elf.h +=================================================================== +--- a/gcc/config/arm/linux-elf.h ++++ b/gcc/config/arm/linux-elf.h +@@ -73,5 +73,6 @@ + %{!shared:-dynamic-linker " GNU_USER_DYNAMIC_LINKER "}} \ + -X \ ++ --as-needed \ + %{mbig-endian:-EB} %{mlittle-endian:-EL}" \ + SUBTARGET_EXTRA_LINK_SPEC + +Index: b/gcc/config/mips/gnu-user.h +=================================================================== +--- a/gcc/config/mips/gnu-user.h ++++ b/gcc/config/mips/gnu-user.h +@@ -55,6 +55,7 @@ along with GCC; see the file COPYING3. + #undef GNU_USER_TARGET_LINK_SPEC + #define GNU_USER_TARGET_LINK_SPEC "\ + %{G*} %{EB} %{EL} %{mips*} %{shared} \ ++ -as-needed \ + %{!shared: \ + %{!static: \ + %{rdynamic:-export-dynamic} \ +Index: b/libjava/Makefile.am +=================================================================== +--- a/libjava/Makefile.am ++++ b/libjava/Makefile.am +@@ -627,14 +631,14 @@ + rm .libs/libgcj_bc.so; \ + mv .libs/libgcj_bc.so.1.0.0 .libs/libgcj_bc.so; \ + $(libgcj_bc_dummy_LINK) -xc /dev/null -Wl,-soname,libgcj_bc.so.1 \ +- -o .libs/libgcj_bc.so.1.0.0 -lgcj || exit; \ ++ -o .libs/libgcj_bc.so.1.0.0 -Wl,--no-as-needed -lgcj || exit; \ + rm .libs/libgcj_bc.so.1; \ + $(LN_S) libgcj_bc.so.1.0.0 .libs/libgcj_bc.so.1 + + ## This rule creates the libgcj_bc library that is actually installed. + install/libgcj_bc.la: $(libgcj_bc_la_OBJECTS) $(libgcj_bc_la_DEPENDENCIES) install/$(am__dirstamp) + $(libgcj_bc_la_LINK) $(am_libgcj_bc_la_rpath) $(libgcj_bc_la_LDFLAGS) \ +- $(libgcj_bc_la_OBJECTS) $(libgcj_bc_la_LIBADD) $(LIBS) ++ $(libgcj_bc_la_OBJECTS) $(libgcj_bc_la_LIBADD) $(LIBS) -Wl,--no-as-needed -lgcj + + ## Note that property_files is defined in sources.am. + propertyo_files = $(patsubst classpath/resource/%,%,$(addsuffix .lo,$(property_files))) +@@ -762,7 +766,7 @@ + rm $(DESTDIR)$(toolexeclibdir)/libgcj_bc.so; \ + mv $(DESTDIR)$(toolexeclibdir)/libgcj_bc.so.1.0.0 $(DESTDIR)$(toolexeclibdir)/libgcj_bc.so; \ + $(libgcj_bc_dummy_LINK) -xc /dev/null -Wl,-soname,libgcj_bc.so.1 \ +- -o $(DESTDIR)$(toolexeclibdir)/libgcj_bc.so.1.0.0 -lgcj || exit; \ ++ -o $(DESTDIR)$(toolexeclibdir)/libgcj_bc.so.1.0.0 -Wl,--no-as-needed -lgcj || exit; \ + rm $(DESTDIR)$(toolexeclibdir)/libgcj_bc.so.1; \ + $(LN_S) libgcj_bc.so.1.0.0 $(DESTDIR)$(toolexeclibdir)/libgcj_bc.so.1; \ + rm $(DESTDIR)$(toolexeclibdir)/libgcj_bc.la; + +Index: b/libjava/Makefile.in +=================================================================== +--- a/libjava/Makefile.in ++++ b/libjava/Makefile.in +@@ -10644,13 +10648,13 @@ + rm .libs/libgcj_bc.so; \ + mv .libs/libgcj_bc.so.1.0.0 .libs/libgcj_bc.so; \ + $(libgcj_bc_dummy_LINK) -xc /dev/null -Wl,-soname,libgcj_bc.so.1 \ +- -o .libs/libgcj_bc.so.1.0.0 -lgcj || exit; \ ++ -o .libs/libgcj_bc.so.1.0.0 -Wl,--no-as-needed -lgcj || exit; \ + rm .libs/libgcj_bc.so.1; \ + $(LN_S) libgcj_bc.so.1.0.0 .libs/libgcj_bc.so.1 + + install/libgcj_bc.la: $(libgcj_bc_la_OBJECTS) $(libgcj_bc_la_DEPENDENCIES) install/$(am__dirstamp) + $(libgcj_bc_la_LINK) $(am_libgcj_bc_la_rpath) $(libgcj_bc_la_LDFLAGS) \ +- $(libgcj_bc_la_OBJECTS) $(libgcj_bc_la_LIBADD) $(LIBS) ++ $(libgcj_bc_la_OBJECTS) $(libgcj_bc_la_LIBADD) $(LIBS) -Wl,--no-as-needed -lgcj + + $(propertyo_files): %.lo: classpath/resource/% + $(mkinstalldirs) `dirname $@`; \ +@@ -12494,7 +12498,7 @@ + @USE_LIBGCJ_BC_TRUE@ rm $(DESTDIR)$(toolexeclibdir)/libgcj_bc.so; \ + @USE_LIBGCJ_BC_TRUE@ mv $(DESTDIR)$(toolexeclibdir)/libgcj_bc.so.1.0.0 $(DESTDIR)$(toolexeclibdir)/libgcj_bc.so; \ + @USE_LIBGCJ_BC_TRUE@ $(libgcj_bc_dummy_LINK) -xc /dev/null -Wl,-soname,libgcj_bc.so.1 \ +-@USE_LIBGCJ_BC_TRUE@ -o $(DESTDIR)$(toolexeclibdir)/libgcj_bc.so.1.0.0 -lgcj || exit; \ ++@USE_LIBGCJ_BC_TRUE@ -o $(DESTDIR)$(toolexeclibdir)/libgcj_bc.so.1.0.0 -Wl,--no-as-needed -lgcj || exit; \ + @USE_LIBGCJ_BC_TRUE@ rm $(DESTDIR)$(toolexeclibdir)/libgcj_bc.so.1; \ + @USE_LIBGCJ_BC_TRUE@ $(LN_S) libgcj_bc.so.1.0.0 $(DESTDIR)$(toolexeclibdir)/libgcj_bc.so.1; \ + @USE_LIBGCJ_BC_TRUE@ rm $(DESTDIR)$(toolexeclibdir)/libgcj_bc.la; + diff --git a/system/gcc/011_all_default-warn-format-security.patch b/system/gcc/011_all_default-warn-format-security.patch new file mode 100644 index 000000000..a58383a8e --- /dev/null +++ b/system/gcc/011_all_default-warn-format-security.patch @@ -0,0 +1,43 @@ +Enable -Wformat and -Wformat-security by default. + + +--- a/gcc/c-family/c.opt ++++ b/gcc/c-family/c.opt +@@ -412,7 +412,7 @@ C ObjC C++ ObjC++ Var(warn_format_nonliteral) Warning LangEnabledBy(C ObjC C++ O + Warn about format strings that are not literals + + Wformat-security +-C ObjC C++ ObjC++ Var(warn_format_security) Warning LangEnabledBy(C ObjC C++ ObjC++,Wformat=, warn_format >= 2, 0) ++C ObjC C++ ObjC++ Var(warn_format_security) Init(1) Warning LangEnabledBy(C ObjC C++ ObjC++,Wformat=, warn_format >= 2, 0) + Warn about possible security problems with format functions + + Wformat-y2k +@@ -424,7 +424,7 @@ C ObjC C++ ObjC++ Var(warn_format_zero_length) Warning LangEnabledBy(C ObjC C++ + Warn about zero-length formats + + Wformat= +-C ObjC C++ ObjC++ Joined RejectNegative UInteger Var(warn_format) Warning LangEnabledBy(C ObjC C++ ObjC++,Wall, 1, 0) ++C ObjC C++ ObjC++ Joined RejectNegative UInteger Var(warn_format) Init(1) Warning LangEnabledBy(C ObjC C++ ObjC++,Wall, 1, 0) + Warn about printf/scanf/strftime/strfmon format string anomalies + + Wignored-qualifiers +--- a/gcc/doc/gcc.info ++++ b/gcc/doc/gcc.info +@@ -3451,6 +3451,8 @@ compiler warns that an unrecognized option is present. + '-Wno-format-contains-nul', '-Wno-format-extra-args', and + '-Wno-format-zero-length'. '-Wformat' is enabled by '-Wall'. + ++ This option is enabled by default in Alpine Linux. ++ + '-Wno-format-contains-nul' + If '-Wformat' is specified, do not warn about format strings + that contain NUL bytes. +@@ -3496,6 +3498,8 @@ compiler warns that an unrecognized option is present. + future warnings may be added to '-Wformat-security' that are + not included in '-Wformat-nonliteral'.) + ++ This option is enabled by default in Alpine Linux. ++ + '-Wformat-y2k' + If '-Wformat' is specified, also warn about 'strftime' formats + that may yield only a two-digit year. diff --git a/system/gcc/012_all_default-warn-trampolines.patch b/system/gcc/012_all_default-warn-trampolines.patch new file mode 100644 index 000000000..9ab4378d4 --- /dev/null +++ b/system/gcc/012_all_default-warn-trampolines.patch @@ -0,0 +1,25 @@ +Enable -Wtrampolines by default. + + +--- a/gcc/common.opt ++++ b/gcc/common.opt +@@ -648,7 +648,7 @@ Common Var(warn_system_headers) Warning + Do not suppress warnings from system headers + + Wtrampolines +-Common Var(warn_trampolines) Warning ++Common Var(warn_trampolines) Init(1) Warning + Warn whenever a trampoline is generated + + Wtype-limits +--- a/gcc/doc/gcc.info ++++ b/gcc/doc/gcc.info +@@ -4021,6 +4021,8 @@ compiler warns that an unrecognized option is present. + and thus requires the stack to be made executable in order for the + program to work properly. + ++ This warning is enabled by default in Gentoo. ++ + '-Wfloat-equal' + Warn if floating-point values are used in equality comparisons. + diff --git a/system/gcc/020_all_msgfmt-libstdc++-link.patch b/system/gcc/020_all_msgfmt-libstdc++-link.patch new file mode 100644 index 000000000..a70ea50a0 --- /dev/null +++ b/system/gcc/020_all_msgfmt-libstdc++-link.patch @@ -0,0 +1,39 @@ +Ensure that msgfmt doesn't encounter problems during gcc bootstrapping. + +Solves error messages like the following: + +msgfmt: /var/tmp/portage/sys-devel/gcc-4.1.2/work/build/./gcc/libgcc_s.so.1: version `GCC_4.2.0' not found (required by /usr/lib/gcc/x86_64-pc-linux-gnu/4.5.3/libstdc++.so.6) + +The libgcc_s.so used during build doesn't satisfy the needs of the +libstdc++.so that msgfmt is linked against. On the other hand, msgfmt +is used as a stand-alone application here, and what library it uses +behind the scenes is of no concern to the gcc build process. +Therefore, simply invoking it "as usual", i.e. without any special +library path, will make it work as expected here. + +2011-09-19 Martin von Gagern + +References: +https://bugs.gentoo.org/372377 +https://bugs.gentoo.org/295480 + +--- gcc-4.1.2.orig/libstdc++-v3/po/Makefile.am ++++ gcc-4.1.2/libstdc++-v3/po/Makefile.am +@@ -39,6 +39,7 @@ MSGFMT = msgfmt + EXTRA_DIST = string_literals.cc POTFILES.in $(PACKAGE).pot $(LOCALE_IN) + + .po.mo: ++ env --unset=LD_LIBRARY_PATH \ + $(MSGFMT) -o $@ $< + + all-local: all-local-$(USE_NLS) +--- gcc-4.1.2.orig/libstdc++-v3/po/Makefile.in ++++ gcc-4.1.2/libstdc++-v3/po/Makefile.in +@@ -419,6 +419,7 @@ uninstall-am: uninstall-info-am + + + .po.mo: ++ env --unset=LD_LIBRARY_PATH \ + $(MSGFMT) -o $@ $< + + all-local: all-local-$(USE_NLS) diff --git a/system/gcc/050_all_libiberty-asprintf.patch b/system/gcc/050_all_libiberty-asprintf.patch new file mode 100644 index 000000000..bee0c4c23 --- /dev/null +++ b/system/gcc/050_all_libiberty-asprintf.patch @@ -0,0 +1,18 @@ +2008-07-25 Magnus Granberg <zorry@ume.nu> + + * include/libiberty.h (asprintf): Don't declare if defined as a macro + +--- a/include/libiberty.h ++++ b/include/libiberty.h +@@ -609,8 +609,11 @@ extern int pwait (int, int *, int); + /* Like sprintf but provides a pointer to malloc'd storage, which must + be freed by the caller. */ + ++/* asprintf may be declared as a macro by glibc with __USE_FORTIFY_LEVEL. */ ++#ifndef asprintf + extern int asprintf (char **, const char *, ...) ATTRIBUTE_PRINTF_2; + #endif ++#endif + + #if !HAVE_DECL_VASPRINTF + /* Like vsprintf but provides a pointer to malloc'd storage, which diff --git a/system/gcc/051_all_libiberty-pic.patch b/system/gcc/051_all_libiberty-pic.patch new file mode 100644 index 000000000..b6160a730 --- /dev/null +++ b/system/gcc/051_all_libiberty-pic.patch @@ -0,0 +1,10 @@ +--- a/libiberty/Makefile.in ++++ b/libiberty/Makefile.in +@@ -246,6 +246,7 @@ $(TARGETLIB): $(REQUIRED_OFILES) $(EXTRA_OFILES) $(LIBOBJS) + $(AR) $(AR_FLAGS) $(TARGETLIB) \ + $(REQUIRED_OFILES) $(EXTRA_OFILES) $(LIBOBJS); \ + $(RANLIB) $(TARGETLIB); \ ++ cp $(TARGETLIB) ../ ; \ + cd ..; \ + else true; fi + diff --git a/system/gcc/053_all_libitm-no-fortify-source.patch b/system/gcc/053_all_libitm-no-fortify-source.patch new file mode 100644 index 000000000..5ab15afc3 --- /dev/null +++ b/system/gcc/053_all_libitm-no-fortify-source.patch @@ -0,0 +1,27 @@ +https://bugs.gentoo.org/508852 +https://gcc.gnu.org/PR61164 + +2014-04-27 Magnus Granberg <zorry@gentoo.org> + + #508852 + * libitm/configure.tgt: Disable FORTIFY + +--- a/libitm/configure.tgt ++++ b/libitm/configure.tgt +@@ -43,6 +43,16 @@ if test "$gcc_cv_have_tls" = yes ; then + esac + fi + ++# FIXME: error: inlining failed in call to always_inline ++# ‘int vfprintf(FILE*, const char*, __va_list_tag*)’ ++# : function body can be overwritten at link time ++# Disable Fortify in libitm for now. #508852 ++case "${target}" in ++ *-*-linux*) ++ XCFLAGS="${XCFLAGS} -U_FORTIFY_SOURCE" ++ ;; ++esac ++ + # Map the target cpu to an ARCH sub-directory. At the same time, + # work out any special compilation flags as necessary. + case "${target_cpu}" in diff --git a/system/gcc/067_all_gcc-poison-system-directories.patch b/system/gcc/067_all_gcc-poison-system-directories.patch new file mode 100644 index 000000000..103671617 --- /dev/null +++ b/system/gcc/067_all_gcc-poison-system-directories.patch @@ -0,0 +1,194 @@ +http://cgit.openembedded.org/openembedded-core/plain/meta/recipes-devtools/gcc/gcc-6.1/0010-gcc-poison-system-directories.patch + +From d76250323dad69212c958e4857a98d99ab51a39e Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Fri, 29 Mar 2013 08:59:00 +0400 +Subject: [PATCH 10/46] gcc: poison-system-directories + +Signed-off-by: Khem Raj <raj.khem@gmail.com> + +Upstream-Status: Inappropriate [distribution: codesourcery] +--- + gcc/common.opt | 4 ++++ + gcc/config.in | 6 ++++++ + gcc/configure | 16 ++++++++++++++++ + gcc/configure.ac | 10 ++++++++++ + gcc/doc/invoke.texi | 9 +++++++++ + gcc/gcc.c | 2 ++ + gcc/incpath.c | 19 +++++++++++++++++++ + 7 files changed, 66 insertions(+) + +diff --git a/gcc/common.opt b/gcc/common.opt +index 67048db..733185c 100644 +--- a/gcc/common.opt ++++ b/gcc/common.opt +@@ -659,6 +659,10 @@ Wreturn-local-addr + Common Var(warn_return_local_addr) Init(1) Warning + Warn about returning a pointer/reference to a local or temporary variable. + ++Wpoison-system-directories ++Common Var(flag_poison_system_directories) Init(1) Warning ++Warn for -I and -L options using system directories if cross compiling ++ + Wshadow + Common Var(warn_shadow) Warning + Warn when one local variable shadows another. +diff --git a/gcc/config.in b/gcc/config.in +index 115cb61..105b30f 100644 +--- a/gcc/config.in ++++ b/gcc/config.in +@@ -187,6 +187,12 @@ + #endif + + ++/* Define to warn for use of native system header directories */ ++#ifndef USED_FOR_TARGET ++#undef ENABLE_POISON_SYSTEM_DIRECTORIES ++#endif ++ ++ + /* Define if you want all operations on RTL (the basic data structure of the + optimizer and back end) to be checked for dynamic type safety at runtime. + This is quite expensive. */ +diff --git a/gcc/configure b/gcc/configure +index 1c6e340..8f83152 100755 +--- a/gcc/configure ++++ b/gcc/configure +@@ -942,6 +942,7 @@ with_system_zlib + enable_maintainer_mode + enable_link_mutex + enable_version_specific_runtime_libs ++enable_poison_system_directories + enable_plugin + enable_host_shared + enable_libquadmath_support +@@ -1681,6 +1682,8 @@ Optional Features: + --enable-version-specific-runtime-libs + specify that runtime libraries should be installed + in a compiler-specific directory ++ --enable-poison-system-directories ++ warn for use of native system header directories + --enable-plugin enable plugin support + --enable-host-shared build host code as shared libraries + --disable-libquadmath-support +@@ -28908,6 +28911,19 @@ if test "${enable_version_specific_runtime_libs+set}" = set; then : + fi + + ++# Check whether --enable-poison-system-directories was given. ++if test "${enable_poison_system_directories+set}" = set; then : ++ enableval=$enable_poison_system_directories; ++else ++ enable_poison_system_directories=no ++fi ++ ++if test "x${enable_poison_system_directories}" = "xyes"; then ++ ++$as_echo "#define ENABLE_POISON_SYSTEM_DIRECTORIES 1" >>confdefs.h ++ ++fi ++ + # Substitute configuration variables + + +diff --git a/gcc/configure.ac b/gcc/configure.ac +index 6c1dcd9..0fccaef 100644 +--- a/gcc/configure.ac ++++ b/gcc/configure.ac +@@ -5861,6 +5861,16 @@ AC_ARG_ENABLE(version-specific-runtime-libs, + [specify that runtime libraries should be + installed in a compiler-specific directory])]) + ++AC_ARG_ENABLE([poison-system-directories], ++ AS_HELP_STRING([--enable-poison-system-directories], ++ [warn for use of native system header directories]),, ++ [enable_poison_system_directories=no]) ++if test "x${enable_poison_system_directories}" = "xyes"; then ++ AC_DEFINE([ENABLE_POISON_SYSTEM_DIRECTORIES], ++ [1], ++ [Define to warn for use of native system header directories]) ++fi ++ + # Substitute configuration variables + AC_SUBST(subdirs) + AC_SUBST(srcdir) +diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi +index 821f8fd..8bb49e7 100644 +--- a/gcc/doc/invoke.texi ++++ b/gcc/doc/invoke.texi +@@ -284,6 +284,7 @@ Objective-C and Objective-C++ Dialects}. + -Wparentheses -Wno-pedantic-ms-format @gol + -Wplacement-new -Wplacement-new=@var{n} @gol + -Wpointer-arith -Wno-pointer-to-int-cast @gol ++-Wno-poison-system-directories @gol + -Wno-pragmas -Wredundant-decls -Wno-return-local-addr @gol + -Wreturn-type -Wsequence-point -Wshadow -Wno-shadow-ivar @gol + -Wshift-overflow -Wshift-overflow=@var{n} @gol +@@ -4723,6 +4724,14 @@ made up of data only and thus requires no special treatment. But, for + most targets, it is made up of code and thus requires the stack to be + made executable in order for the program to work properly. + ++@item -Wno-poison-system-directories ++@opindex Wno-poison-system-directories ++Do not warn for @option{-I} or @option{-L} options using system ++directories such as @file{/usr/include} when cross compiling. This ++option is intended for use in chroot environments when such ++directories contain the correct headers and libraries for the target ++system rather than the host. ++ + @item -Wfloat-equal + @opindex Wfloat-equal + @opindex Wno-float-equal +diff --git a/gcc/gcc.c b/gcc/gcc.c +index 1af5920..4cfef7f 100644 +--- a/gcc/gcc.c ++++ b/gcc/gcc.c +@@ -1017,6 +1017,8 @@ proper position among the other output files. */ + "%{fuse-ld=*:-fuse-ld=%*} " LINK_COMPRESS_DEBUG_SPEC \ + "%X %{o*} %{e*} %{N} %{n} %{r}\ + %{s} %{t} %{u*} %{z} %{Z} %{!nostdlib:%{!nostartfiles:%S}} \ ++ %{Wno-poison-system-directories:--no-poison-system-directories} \ ++ %{Werror=poison-system-directories:--error-poison-system-directories} \ + %{static:} %{L*} %(mfwrap) %(link_libgcc) " \ + VTABLE_VERIFICATION_SPEC " " SANITIZER_EARLY_SPEC " %o " CHKP_SPEC " \ + %{fopenacc|fopenmp|%:gt(%{ftree-parallelize-loops=*:%*} 1):\ +diff --git a/gcc/incpath.c b/gcc/incpath.c +index ea40f4a..856da41 100644 +--- a/gcc/incpath.c ++++ b/gcc/incpath.c +@@ -26,6 +26,7 @@ + #include "intl.h" + #include "incpath.h" + #include "cppdefault.h" ++#include "diagnostic-core.h" + + /* Microsoft Windows does not natively support inodes. + VMS has non-numeric inodes. */ +@@ -381,6 +382,24 @@ merge_include_chains (const char *sysroot, cpp_reader *pfile, int verbose) + } + fprintf (stderr, _("End of search list.\n")); + } ++ ++#ifdef ENABLE_POISON_SYSTEM_DIRECTORIES ++ if (flag_poison_system_directories) ++ { ++ struct cpp_dir *p; ++ ++ for (p = heads[QUOTE]; p; p = p->next) ++ { ++ if ((!strncmp (p->name, "/usr/include", 12)) ++ || (!strncmp (p->name, "/usr/local/include", 18)) ++ || (!strncmp (p->name, "/usr/X11R6/include", 18))) ++ warning (OPT_Wpoison_system_directories, ++ "include location \"%s\" is unsafe for " ++ "cross-compilation", ++ p->name); ++ } ++ } ++#endif + } + + /* Use given -I paths for #include "..." but not #include <...>, and +-- +2.8.2 + diff --git a/system/gcc/090_all_pr55930-dependency-tracking.patch b/system/gcc/090_all_pr55930-dependency-tracking.patch new file mode 100644 index 000000000..a8743e08c --- /dev/null +++ b/system/gcc/090_all_pr55930-dependency-tracking.patch @@ -0,0 +1,18 @@ +libatomic build failure if configured with --disable-dependency-tracking +load_n.c:115:1: fatal error: opening dependency file .deps/load_1_.lo.Ppo: No such file or directory + +https://bugs.gentoo.org/463463 +http://gcc.gnu.org/PR55930 + +--- a/libatomic/Makefile.in ++++ b/libatomic/Makefile.in +@@ -298,7 +298,8 @@ PAT_N = $(word 2,$(PAT_SPLIT)) + PAT_S = $(word 3,$(PAT_SPLIT)) + IFUNC_DEF = -DIFUNC_ALT=$(PAT_S) + IFUNC_OPT = $(word $(PAT_S),$(IFUNC_OPTIONS)) +-M_DEPS = -MT $@ -MD -MP -MF $(DEPDIR)/$(@F).Ppo ++@AMDEP_TRUE@M_DEPS = -MT $@ -MD -MP -MF $(DEPDIR)/$(@F).Ppo ++@AMDEP_FALSE@M_DEPS = + M_SIZE = -DN=$(PAT_N) + M_IFUNC = $(if $(PAT_S),$(IFUNC_DEF) $(IFUNC_OPT)) + M_FILE = $(PAT_BASE)_n.c diff --git a/system/gcc/201-cilkrts.patch b/system/gcc/201-cilkrts.patch new file mode 100644 index 000000000..4aac10d6d --- /dev/null +++ b/system/gcc/201-cilkrts.patch @@ -0,0 +1,59 @@ +From 594e3c1ab576daddeb86015efc8b1677020b1878 Mon Sep 17 00:00:00 2001 +From: Szabolcs Nagy <nsz@port70.net> +Date: Sat, 24 Oct 2015 20:39:30 +0000 +Subject: [PATCH 1/6] cilkrts + +--- + libcilkrts/runtime/os-unix.c | 22 +++++++--------------- + 1 file changed, 7 insertions(+), 15 deletions(-) + +diff --git a/libcilkrts/runtime/os-unix.c b/libcilkrts/runtime/os-unix.c +index cb582dd..e43d7d5 100644 +--- a/libcilkrts/runtime/os-unix.c ++++ b/libcilkrts/runtime/os-unix.c +@@ -51,6 +51,7 @@ + #if defined __linux__ + # include <sys/sysinfo.h> + # include <sys/syscall.h> ++# include <sched.h> + #elif defined __APPLE__ + # include <sys/sysctl.h> + // Uses sysconf(_SC_NPROCESSORS_ONLN) in verbose output +@@ -400,28 +401,19 @@ COMMON_SYSDEP void __cilkrts_sleep(void) + + COMMON_SYSDEP void __cilkrts_yield(void) + { +-#if __APPLE__ || __FreeBSD__ || __VXWORKS__ +- // On MacOS, call sched_yield to yield quantum. I'm not sure why we +- // don't do this on Linux also. +- sched_yield(); +-#elif defined(__DragonFly__) +- // On DragonFly BSD, call sched_yield to yield quantum. +- sched_yield(); +-#elif defined(__MIC__) ++#if defined(__MIC__) + // On MIC, pthread_yield() really trashes things. Arch's measurements + // showed that calling _mm_delay_32() (or doing nothing) was a better + // option. Delaying 1024 clock cycles is a reasonable compromise between + // giving up the processor and latency starting up when work becomes + // available + _mm_delay_32(1024); +-#elif defined(__ANDROID__) || (defined(__sun__) && defined(__svr4__)) +- // On Android and Solaris, call sched_yield to yield quantum. I'm not +- // sure why we don't do this on Linux also. +- sched_yield(); +-#else +- // On Linux, call pthread_yield (which in turn will call sched_yield) +- // to yield quantum. ++#elif defined(__sun__) && !defined(__svr4__) ++ // On old SunOS call pthread_yield to yield a quantum. + pthread_yield(); ++#else ++ // On other platforms call sched_yield to yield a quantum. ++ sched_yield(); + #endif + } + +-- +2.8.1 + diff --git a/system/gcc/203-libgcc_s.patch b/system/gcc/203-libgcc_s.patch new file mode 100644 index 000000000..c74351c71 --- /dev/null +++ b/system/gcc/203-libgcc_s.patch @@ -0,0 +1,56 @@ +From 9e3eab51e518018d9d99b3123598b1e2322a6af3 Mon Sep 17 00:00:00 2001 +From: Szabolcs Nagy <nsz@port70.net> +Date: Sat, 24 Oct 2015 20:09:53 +0000 +Subject: [PATCH 3/6] libgcc_s + +--- + gcc/config/i386/i386.c | 4 ++-- + libgcc/config/i386/cpuinfo.c | 6 +++--- + libgcc/config/i386/t-linux | 2 +- + 3 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/gcc/config/i386/i386.c b/gcc/config/i386/i386.c +index 3d044e8..82523e1 100644 +--- a/gcc/config/i386/i386.c ++++ b/gcc/config/i386/i386.c +@@ -40269,10 +40269,10 @@ ix86_expand_builtin (tree exp, rtx target, rtx subtarget, + { + case IX86_BUILTIN_CPU_INIT: + { +- /* Make it call __cpu_indicator_init in libgcc. */ ++ /* Make it call __cpu_indicator_init_local in libgcc.a. */ + tree call_expr, fndecl, type; + type = build_function_type_list (integer_type_node, NULL_TREE); +- fndecl = build_fn_decl ("__cpu_indicator_init", type); ++ fndecl = build_fn_decl ("__cpu_indicator_init_local", type); + call_expr = build_call_expr (fndecl, 0); + return expand_expr (call_expr, target, mode, EXPAND_NORMAL); + } +diff --git a/libgcc/config/i386/cpuinfo.c b/libgcc/config/i386/cpuinfo.c +index 8c2248d..6c82f15 100644 +--- a/libgcc/config/i386/cpuinfo.c ++++ b/libgcc/config/i386/cpuinfo.c +@@ -485,7 +485,7 @@ __cpu_indicator_init (void) + return 0; + } + +-#if defined SHARED && defined USE_ELF_SYMVER +-__asm__ (".symver __cpu_indicator_init, __cpu_indicator_init@GCC_4.8.0"); +-__asm__ (".symver __cpu_model, __cpu_model@GCC_4.8.0"); ++#ifndef SHARED ++int __cpu_indicator_init_local (void) ++ __attribute__ ((weak, alias ("__cpu_indicator_init"))); + #endif +diff --git a/libgcc/config/i386/t-linux b/libgcc/config/i386/t-linux +index 11bb46e..4f47f7b 100644 +--- a/libgcc/config/i386/t-linux ++++ b/libgcc/config/i386/t-linux +@@ -3,4 +3,4 @@ + # t-slibgcc-elf-ver and t-linux + SHLIB_MAPFILES = libgcc-std.ver $(srcdir)/config/i386/libgcc-glibc.ver + +-HOST_LIBGCC2_CFLAGS += -mlong-double-80 -DUSE_ELF_SYMVER ++HOST_LIBGCC2_CFLAGS += -mlong-double-80 +-- +2.8.1 + diff --git a/system/gcc/204-linux_libc_has_function.patch b/system/gcc/204-linux_libc_has_function.patch new file mode 100644 index 000000000..2dcedc3a7 --- /dev/null +++ b/system/gcc/204-linux_libc_has_function.patch @@ -0,0 +1,25 @@ +From edec78452d693fb524daa9a6efd45c850b27b25c Mon Sep 17 00:00:00 2001 +From: Szabolcs Nagy <nsz@port70.net> +Date: Fri, 6 Nov 2015 23:59:20 +0000 +Subject: [PATCH 4/6] linux_libc_has_function + +--- + gcc/config/linux.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gcc/config/linux.c b/gcc/config/linux.c +index 250296b..16c3768 100644 +--- a/gcc/config/linux.c ++++ b/gcc/config/linux.c +@@ -26,7 +26,7 @@ along with GCC; see the file COPYING3. If not see + bool + linux_libc_has_function (enum function_class fn_class) + { +- if (OPTION_GLIBC) ++ if (OPTION_GLIBC || OPTION_MUSL) + return true; + if (OPTION_BIONIC) + if (fn_class == function_c94 +-- +2.8.1 + diff --git a/system/gcc/205-nopie.patch b/system/gcc/205-nopie.patch new file mode 100644 index 000000000..e3da94d10 --- /dev/null +++ b/system/gcc/205-nopie.patch @@ -0,0 +1,75 @@ +From b6015aca9c9cc83739fd0ed637a835119b2c4e34 Mon Sep 17 00:00:00 2001 +From: Szabolcs Nagy <nsz@port70.net> +Date: Sat, 7 Nov 2015 02:08:05 +0000 +Subject: [PATCH 5/6] nopie + +--- + gcc/configure | 27 +++++++++++++++++++++++++++ + gcc/configure.ac | 13 +++++++++++++ + 2 files changed, 40 insertions(+) + +diff --git a/gcc/configure b/gcc/configure +index 1c6e340..7e8b5d6 100755 +--- a/gcc/configure ++++ b/gcc/configure +@@ -29390,6 +29390,33 @@ fi + $as_echo "$gcc_cv_no_pie" >&6; } + if test "$gcc_cv_no_pie" = "yes"; then + NO_PIE_FLAG="-no-pie" ++else ++ # Check if -nopie works. ++ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -nopie option" >&5 ++$as_echo_n "checking for -nopie option... " >&6; } ++if test "${gcc_cv_nopie+set}" = set; then : ++ $as_echo_n "(cached) " >&6 ++else ++ saved_LDFLAGS="$LDFLAGS" ++ LDFLAGS="$LDFLAGS -nopie" ++ cat confdefs.h - <<_ACEOF >conftest.$ac_ext ++/* end confdefs.h. */ ++int main(void) {return 0;} ++_ACEOF ++if ac_fn_cxx_try_link "$LINENO"; then : ++ gcc_cv_nopie=yes ++else ++ gcc_cv_nopie=no ++fi ++rm -f core conftest.err conftest.$ac_objext \ ++ conftest$ac_exeext conftest.$ac_ext ++ LDFLAGS="$saved_LDFLAGS" ++fi ++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gcc_cv_nopie" >&5 ++$as_echo "$gcc_cv_nopie" >&6; } ++ if test "$gcc_cv_nopie" = "yes"; then ++ NO_PIE_FLAG="-nopie" ++ fi + fi + + +diff --git a/gcc/configure.ac b/gcc/configure.ac +index 6c1dcd9..0ca7647 100644 +--- a/gcc/configure.ac ++++ b/gcc/configure.ac +@@ -6098,6 +6098,19 @@ AC_CACHE_CHECK([for -no-pie option], + LDFLAGS="$saved_LDFLAGS"]) + if test "$gcc_cv_no_pie" = "yes"; then + NO_PIE_FLAG="-no-pie" ++else ++ # Check if -nopie works. ++ AC_CACHE_CHECK([for -nopie option], ++ [gcc_cv_nopie], ++ [saved_LDFLAGS="$LDFLAGS" ++ LDFLAGS="$LDFLAGS -nopie" ++ AC_LINK_IFELSE([int main(void) {return 0;}], ++ [gcc_cv_nopie=yes], ++ [gcc_cv_nopie=no]) ++ LDFLAGS="$saved_LDFLAGS"]) ++ if test "$gcc_cv_nopie" = "yes"; then ++ NO_PIE_FLAG="-nopie" ++ fi + fi + AC_SUBST([NO_PIE_FLAG]) + +-- +2.8.1 + diff --git a/system/gcc/207-static-pie.patch b/system/gcc/207-static-pie.patch new file mode 100644 index 000000000..9355c584b --- /dev/null +++ b/system/gcc/207-static-pie.patch @@ -0,0 +1,40 @@ +diff --git a/gcc/config/gnu-user.h b/gcc/config/gnu-user.h +index b0bf40a..d4b56fe 100644 +--- a/gcc/config/gnu-user.h ++++ b/gcc/config/gnu-user.h +@@ -51,10 +51,10 @@ see the files COPYING3 and COPYING.RUNTIME respectively. If not, see + #if defined HAVE_LD_PIE + #define GNU_USER_TARGET_STARTFILE_SPEC \ + "%{!shared: %{pg|p|profile:gcrt1.o%s;: \ +- %{" PIE_SPEC ":Scrt1.o%s} %{" NO_PIE_SPEC ":crt1.o%s}}} \ +- crti.o%s %{static:crtbeginT.o%s;: %{shared:crtbeginS.o%s} \ ++ %{" PIE_SPEC ":%{static:rcrt1.o%s;:Scrt1.o%s}} %{" NO_PIE_SPEC ":crt1.o%s}}} \ ++ crti.o%s %{shared:crtbeginS.o%s;: \ + %{" PIE_SPEC ":crtbeginS.o%s} \ +- %{" NO_PIE_SPEC ":crtbegin.o%s}} \ ++ %{" NO_PIE_SPEC ":%{static:crtbeginT.o%s;:crtbegin.o%s}}} \ + %{fvtable-verify=none:%s; \ + fvtable-verify=preinit:vtv_start_preinit.o%s; \ + fvtable-verify=std:vtv_start.o%s} \ +diff --git a/gcc/gcc.c b/gcc/gcc.c +index 0208d61..731564e 100644 +--- a/gcc/gcc.c ++++ b/gcc/gcc.c +@@ -870,7 +870,7 @@ proper position among the other output files. */ + #endif + + #ifdef ENABLE_DEFAULT_PIE +-#define NO_PIE_SPEC "no-pie|static" ++#define NO_PIE_SPEC "no-pie" + #define PIE_SPEC NO_PIE_SPEC "|r|shared:;" + #define NO_FPIE1_SPEC "fno-pie" + #define FPIE1_SPEC NO_FPIE1_SPEC ":;" +@@ -916,7 +916,7 @@ proper position among the other output files. */ + #ifndef LINK_PIE_SPEC + #ifdef HAVE_LD_PIE + #ifndef LD_PIE_SPEC +-#define LD_PIE_SPEC "-pie" ++#define LD_PIE_SPEC "-pie %{static:--no-dynamic-linker -Bsymbolic}" + #endif + #else + #define LD_PIE_SPEC "" diff --git a/system/gcc/300-main-gcc-add-musl-s390x-dynamic-linker.patch b/system/gcc/300-main-gcc-add-musl-s390x-dynamic-linker.patch new file mode 100644 index 000000000..241957871 --- /dev/null +++ b/system/gcc/300-main-gcc-add-musl-s390x-dynamic-linker.patch @@ -0,0 +1,32 @@ +From be841c16dd544553c67faac79bd4cc3cd10a1dc0 Mon Sep 17 00:00:00 2001 +From: "Tuan M. Hoang" <tmhoang@flatglobe.org> +Date: Mon, 21 Nov 2016 01:42:16 +0700 +Subject: [PATCH] main/gcc: add musl s390x dynamic linker + +--- + gcc/config/s390/linux.h | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/gcc/config/s390/linux.h b/gcc/config/s390/linux.h +index 1e3ed35..a244214 100644 +--- a/gcc/config/s390/linux.h ++++ b/gcc/config/s390/linux.h +@@ -63,6 +63,15 @@ along with GCC; see the file COPYING3. If not see + #define GLIBC_DYNAMIC_LINKER32 "/lib/ld.so.1" + #define GLIBC_DYNAMIC_LINKER64 "/lib/ld64.so.1" + ++#undef MUSL_DYNAMIC_LINKER ++#define MUSL_DYNAMIC_LINKER "/lib/ld-musl-s390x.so.1" ++#undef MUSL_DYNAMIC_LINKER32 ++#define MUSL_DYNAMIC_LINKER32 "/lib/ld-musl-s390x.so.1" ++#undef MUSL_DYNAMIC_LINKER64 ++#define MUSL_DYNAMIC_LINKER64 "/lib/ld-musl-s390x.so.1" ++#undef MUSL_DYNAMIC_LINKERX32 ++#define MUSL_DYNAMIC_LINKERX32 "/lib/ld-musl-s390x.so.1" ++ + #undef LINK_SPEC + #define LINK_SPEC \ + "%{m31:-m elf_s390}%{m64:-m elf64_s390} --as-needed \ +-- +2.10.2 + diff --git a/system/gcc/310-build-gcj-s390x.patch b/system/gcc/310-build-gcj-s390x.patch new file mode 100644 index 000000000..1e522ee15 --- /dev/null +++ b/system/gcc/310-build-gcj-s390x.patch @@ -0,0 +1,28 @@ +From 697a7ba791fce2ffab2ed723d909a89684019e3d Mon Sep 17 00:00:00 2001 +From: "Tuan M. Hoang" <tmhoang@flatglobe.org> +Date: Sun, 19 Feb 2017 17:03:33 +0000 +Subject: [PATCH] main/gcc : when building gcc-java on s390x, libgcj.so + complains about undefined reference to __data_start. Using + SEARCH_FOR_DATA_START instead solved it. Credit to Andrew Haley at RedHat. + +--- + boehm-gc/include/private/gcconfig.h | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/boehm-gc/include/private/gcconfig.h b/boehm-gc/include/private/gcconfig.h +index 4ca6a80..a15fff6 100644 +--- a/boehm-gc/include/private/gcconfig.h ++++ b/boehm-gc/include/private/gcconfig.h +@@ -1837,8 +1837,7 @@ + # define OS_TYPE "LINUX" + # define LINUX_STACKBOTTOM + # define DYNAMIC_LOADING +- extern int __data_start[]; +-# define DATASTART ((ptr_t)(__data_start)) ++# define SEARCH_FOR_DATA_START + extern int _end[]; + # define DATAEND (_end) + # define CACHE_LINE_SIZE 256 +-- +2.11.1 + diff --git a/system/gcc/320-libffi-gnulinux.patch b/system/gcc/320-libffi-gnulinux.patch new file mode 100644 index 000000000..b3b4fc931 --- /dev/null +++ b/system/gcc/320-libffi-gnulinux.patch @@ -0,0 +1,13 @@ +diff --git a/libffi/closures.c.orig b/libffi/closures.c +index 721ff00..22a699c 100644 +--- a/libffi/src/closures.c.orig ++++ b/libffi/src/closures.c +@@ -34,7 +34,7 @@ + #include <ffi_common.h> + + #if !FFI_MMAP_EXEC_WRIT && !FFI_EXEC_TRAMPOLINE_TABLE +-# if __gnu_linux__ && !defined(__ANDROID__) ++# if __linux__ && !defined(__ANDROID__) + /* This macro indicates it may be forbidden to map anonymous memory + with both write and execute permission. Code compiled when this + option is defined will attempt to map such pages once, but if it diff --git a/system/gcc/APKBUILD b/system/gcc/APKBUILD new file mode 100644 index 000000000..0ae8352ae --- /dev/null +++ b/system/gcc/APKBUILD @@ -0,0 +1,644 @@ +# Maintainer: Adelie Platform Group <adelie-devel@lists.adelielinux.org> +pkgname=gcc +pkgver=6.4.0 +[ "$BOOTSTRAP" = "nolibc" ] && pkgname="gcc-pass2" +[ "$CBUILD" != "$CHOST" ] && _cross="-$CARCH" || _cross="" +[ "$CHOST" != "$CTARGET" ] && _target="-$CTARGET_ARCH" || _target="" + +pkgname="$pkgname$_target" +pkgrel=7 +pkgdesc="The GNU Compiler Collection" +url="http://gcc.gnu.org" +arch="all" +license="GPL LGPL" +_gccrel=$pkgver-r$pkgrel +depends="binutils$_target isl" +makedepends_build="gcc$_cross g++$_cross paxmark bison flex texinfo zip gmp-dev mpfr-dev mpc1-dev zlib-dev" +makedepends_host="linux-headers gmp-dev mpfr-dev mpc1-dev isl-dev zlib-dev !gettext-dev" +subpackages=" " +[ "$CHOST" = "$CTARGET" ] && subpackages="gcc-doc$_target" +replaces="libstdc++ binutils" +options="$options !check !dbg strip" + +: ${LANG_CXX:=true} +: ${LANG_OBJC:=true} +: ${LANG_JAVA:=true} +: ${LANG_GO:=true} +: ${LANG_FORTRAN:=true} +: ${LANG_ADA:=true} + +LIBGOMP=true +LIBGCC=true +LIBATOMIC=true +LIBITM=true + +if [ "$CHOST" != "$CTARGET" ]; then + if [ "$BOOTSTRAP" = nolibc ]; then + LANG_CXX=false + LANG_ADA=false + LIBGCC=false + _builddir="$srcdir/build-cross-pass2" + else + _builddir="$srcdir/build-cross-final" + fi + LANG_OBJC=false + LANG_JAVA=false + LANG_GO=false + LANG_FORTRAN=false + LIBGOMP=false + LIBATOMIC=false + LIBITM=false + + # reset target flags (should be set in crosscreate abuild) + # fixup flags. seems gcc treats CPPFLAGS as global without + # _FOR_xxx variants. wrap it in CFLAGS and CXXFLAGS. + export CFLAGS="$CPPFLAGS $CFLAGS" + export CXXFLAGS="$CPPFLAGS $CXXFLAGS" + unset CPPFLAGS + export CFLAGS_FOR_TARGET=" " + export CXXFLAGS_FOR_TARGET=" " + export LDFLAGS_FOR_TARGET=" " + + STRIP_FOR_TARGET="$CTARGET-strip" +elif [ "$CBUILD" != "$CHOST" ]; then + # fixup flags. seems gcc treats CPPFLAGS as global without + # _FOR_xxx variants. wrap it in CFLAGS and CXXFLAGS. + export CFLAGS="$CPPFLAGS $CFLAGS" + export CXXFLAGS="$CPPFLAGS $CXXFLAGS" + unset CPPFLAGS + + # reset flags and cc for build + export CC_FOR_BUILD="gcc" + export CXX_FOR_BUILD="g++" + export CFLAGS_FOR_BUILD=" " + export CXXFLAGS_FOR_BUILD=" " + export LDFLAGS_FOR_BUILD=" " + export CFLAGS_FOR_TARGET=" " + export CXXFLAGS_FOR_TARGET=" " + export LDFLAGS_FOR_TARGET=" " + + # Languages that do not need bootstrapping + LANG_OBJC=false + LANG_JAVA=false + LANG_GO=false + LANG_FORTRAN=false + + STRIP_FOR_TARGET=${CROSS_COMPILE}strip + _builddir="$srcdir/build-cross-native" +else + STRIP_FOR_TARGET=${CROSS_COMPILE}strip + _builddir="$srcdir/build" +fi + +# Go needs {set,make,swap}context, unimplemented in musl +[ "$CTARGET_LIBC" = musl ] && LANG_GO=false + +# libitm has TEXTRELs in ARM build, so disable for now +case "$CTARGET_ARCH" in +arm*) LIBITM=false ;; +esac + +# Fortran uses libquadmath if toolchain has __float128 +# currently on x86, x86_64 and ia64 +LIBQUADMATH=$LANG_FORTRAN +case "$CTARGET_ARCH" in +pmmx | x86 | x86_64) LIBQUADMATH=$LANG_FORTRAN ;; +*) LIBQUADMATH=false ;; +esac + +# libatomic is a dependency for openvswitch +$LIBATOMIC && subpackages="$subpackages libatomic::$CTARGET_ARCH" +$LIBGCC && subpackages="$subpackages libgcc::$CTARGET_ARCH" +$LIBQUADMATH && subpackages="$subpackages libquadmath::$CTARGET_ARCH" +if $LIBGOMP; then + depends="$depends libgomp=$_gccrel" + subpackages="$subpackages libgomp::$CTARGET_ARCH" +fi + +_languages=c +if $LANG_CXX; then + subpackages="$subpackages libstdc++:libcxx:$CTARGET_ARCH g++$_target:gpp" + _languages="$_languages,c++" +fi +if $LANG_OBJC; then + subpackages="$subpackages libobjc::$CTARGET_ARCH gcc-objc$_target:objc" + _languages="$_languages,objc" +fi +if $LANG_JAVA; then + subpackages="$subpackages libgcj::$CTARGET_ARCH gcc-java$_target:java" + _languages="$_languages,java" +fi +if $LANG_GO; then + subpackages="$subpackages libgo::$CTARGET_ARCH gcc-go$_target:go" + _languages="$_languages,go" +fi +if $LANG_FORTRAN; then + subpackages="$subpackages libgfortran::$CTARGET_ARCH gfortran$_target:gfortran" + _languages="$_languages,fortran" +fi +if $LANG_ADA; then + subpackages="$subpackages libgnat::$CTARGET_ARCH gcc-gnat$_target:gnat" + _languages="$_languages,ada" + makedepends_build="$makedepends_build gcc-gnat gcc-gnat$_cross" +fi +makedepends="$makedepends_build $makedepends_host" + +source="ftp://gcc.gnu.org/pub/gcc/releases/gcc-${_pkgbase:-$pkgver}/gcc-${_pkgbase:-$pkgver}.tar.xz + ftp://sourceware.org/pub/java/ecj-4.9.jar + + 001_all_default-ssp-strong.patch + 002_all_default-relro.patch + 003_all_default-fortify-source.patch + 005_all_default-as-needed.patch + 011_all_default-warn-format-security.patch + 012_all_default-warn-trampolines.patch + 020_all_msgfmt-libstdc++-link.patch + 050_all_libiberty-asprintf.patch + 051_all_libiberty-pic.patch + 053_all_libitm-no-fortify-source.patch + 067_all_gcc-poison-system-directories.patch + 090_all_pr55930-dependency-tracking.patch + + 201-cilkrts.patch + 203-libgcc_s.patch + 204-linux_libc_has_function.patch + 205-nopie.patch + 207-static-pie.patch + + libgcc-always-build-gcceh.a.patch + gcc-4.9-musl-fortify.patch + gcc-6.1-musl-libssp.patch + boehm-gc-musl.patch + gcc-pure64.patch + fix-gcj-stdgnu14-link.patch + fix-gcj-musl.patch + fix-gcj-iconv-musl.patch + + gcc-4.8-build-args.patch + fix-cxxflags-passing.patch + ada-fixes.patch + ada-shared.patch + ada-musl.patch + ada-aarch64-multiarch.patch + + 300-main-gcc-add-musl-s390x-dynamic-linker.patch + 310-build-gcj-s390x.patch + 320-libffi-gnulinux.patch + + fix-rs6000-pie.patch + add-classic_table-support.patch + " + +# we build out-of-tree +_gccdir="$srcdir"/gcc-${_pkgbase:-$pkgver} +_gcclibdir=/usr/lib/gcc/${CTARGET}/$pkgver +_gcclibexec=/usr/libexec/gcc/${CTARGET}/$pkgver + +prepare() { + cd "$_gccdir" + + _err= + for i in $source; do + case "$i" in + *.patch) + msg "Applying $i" + patch -p1 -F3 -i "$srcdir"/$i || _err="$_err $i" + ;; + esac + done + + if [ -n "$_err" ]; then + error "The following patches failed:" + for i in $_err; do + echo " $i" + done + return 1 + fi + + # see http://gcc.gnu.org/ml/java/2008-04/msg00027.html + mv "$srcdir"/ecj-*.jar ecj.jar + + echo ${pkgver} > gcc/BASE-VER + echo "UNSUPPORTED=1" > libcilkrts/configure.tgt +} + +build() { + local _arch_configure= + local _libc_configure= + local _cross_configure= + local _bootstrap_configure= + local _hash_style=gnu + local _symvers= + + cd "$_gccdir" + + case "$CTARGET" in + aarch64-*-*-*) _arch_configure="--with-arch=armv8-a --with-abi=lp64";; + armv5-*-*-*eabi) _arch_configure="--with-arch=armv5te --with-tune=arm926ej-s --with-float=soft --with-abi=aapcs-linux";; + armv6-*-*-*eabihf) _arch_configure="--with-arch=armv6zk --with-tune=arm1176jzf-s --with-fpu=vfp --with-float=hard --with-abi=aapcs-linux";; + armv7-*-*-*eabihf) _arch_configure="--with-arch=armv7-a --with-tune=generic-armv7-a --with-fpu=vfpv3-d16 --with-float=hard --with-abi=aapcs-linux --with-mode=thumb";; + mipsel-*-*-*) _arch_configure="--with-arch-32=mips2 --with-tune-32=mips32 --with-fp-32=32 --with-mips-plt --with-float=hard --with-abi=32";; + mips-*-*-*) _arch_configure="--with-arch=mips3 --with-mips-plt --with-abi=32"; _hash_style="sysv";; + mips32el-*-*-*) _arch_configure="--with-arch=mips32 --with-mips-plt --with-abi=32"; _hash_style="sysv";; + powerpc-*-*-*) _arch_configure="--enable-secureplt --enable-decimal-float=no";; + powerpc64*-*-*-*) _arch_configure="--with-abi=elfv2 --enable-secureplt --enable-decimal-float=no";; + powerpc64le*-*-*-*) _arch_configure="--with-abi=elfv2 --enable-secureplt --enable-decimal-float=no";; + i486-*-*-*) _arch_configure="--with-arch=i486 --with-tune=generic --enable-cld";; + i586-*-*-*) _arch_configure="--with-arch=i586 --with-tune=pentium2 --enable-cld --enable-mmx";; + pentium3-*-*-*) _arch_configure="--with-arch=pentium3 --with-tune=pentium-m";; + s390x-*-*-*) _arch_configure="--with-arch=z196 --with-tune=zEC12 --with-zarch --with-long-double-128 --enable-decimal-float";; + esac + + case "$CTARGET_LIBC" in + musl) + # musl does not support mudflap, or libsanitizer + # libmpx uses secure_getenv and struct _libc_fpstate not present in musl + # alpine musl provides libssp_nonshared.a, so we don't need libssp either + _libc_configure="--disable-libssp --disable-libmpx --disable-libmudflap --disable-libsanitizer" + _symvers="--disable-symvers" + export libat_cv_have_ifunc=no + ;; + esac + + [ "$CBUILD" != "$CHOST" ] && _cross_configure="--disable-bootstrap" + [ "$CHOST" != "$CTARGET" ] && _cross_configure="--disable-bootstrap --with-sysroot=$CBUILDROOT" + + case "$BOOTSTRAP" in + nolibc) _bootstrap_configure="--with-newlib --disable-shared --enable-threads=no" ;; + *) _bootstrap_configure="--enable-shared --enable-threads --enable-tls" ;; + esac + + $LIBGOMP || _bootstrap_configure="$_bootstrap_configure --disable-libgomp" + $LIBATOMIC || _bootstrap_configure="$_bootstrap_configure --disable-libatomic" + $LIBITM || _bootstrap_configure="$_bootstrap_configure --disable-libitm" + $LIBQUADMATH || _arch_configure="$_arch_configure --disable-libquadmath" + + msg "Building the following:" + echo "" + echo " CBUILD=$CBUILD" + echo " CHOST=$CHOST" + echo " CTARGET=$CTARGET" + echo " CTARGET_ARCH=$CTARGET_ARCH" + echo " CTARGET_LIBC=$CTARGET_LIBC" + echo " languages=$_languages" + echo " arch_configure=$_arch_configure" + echo " libc_configure=$_libc_configure" + echo " cross_configure=$_cross_configure" + echo " bootstrap_configure=$_bootstrap_configure" + echo " hash_style=$_hash_style" + echo "" + + mkdir -p "$_builddir" + cd "$_builddir" + "$_gccdir"/configure --prefix=/usr \ + --mandir=/usr/share/man \ + --infodir=/usr/share/info \ + --build=${CBUILD} \ + --host=${CHOST} \ + --target=${CTARGET} \ + --with-pkgversion="Adelie ${pkgver}" \ + --with-bugurl="http://bts.adelielinux.org/" \ + --enable-checking=release \ + --disable-fixed-point \ + --disable-libstdcxx-pch \ + --disable-multilib \ + --disable-nls \ + --disable-werror \ + $_symvers \ + --enable-__cxa_atexit \ + --enable-default-pie \ + --enable-cloog-backend \ + --enable-languages=$_languages \ + $_arch_configure \ + $_libc_configure \ + $_cross_configure \ + $_bootstrap_configure \ + --with-system-zlib \ + --with-linker-hash-style=$_hash_style + make +} + +check() { + cd "$_builddir" + make check +} + +package() { + cd "$_builddir" + make -j1 DESTDIR="${pkgdir}" install + + ln -s gcc "$pkgdir"/usr/bin/cc + + # we dont support gcj -static + # and saving 35MB is not bad. + find "$pkgdir" -name libgcj.a -o -name libgtkpeer.a \ + -o -name libgjsmalsa.a -o -name libgcj-tools.a \ + -o -name libjvm.a -o -name libgij.a -o -name libgcj_bc.a \ + -o -name libjavamath.a \ + | xargs rm -f + + # strip debug info from some static libs + ${STRIP_FOR_TARGET} -g `find "$pkgdir" \( -name libgfortran.a -o -name libobjc.a -o -name libgomp.a \ + -o -name libmudflap.a -o -name libmudflapth.a \ + -o -name libgcc.a -o -name libgcov.a -o -name libquadmath.a \ + -o -name libitm.a -o -name libgo.a -o -name libcaf\*.a \ + -o -name libatomic.a -o -name libasan.a -o -name libtsan.a \) \ + -a -type f` + + if $LANG_JAVA; then + sed -i -e 's/lib: /&%{static:%eJava programs cannot be linked statically}/' \ + "$pkgdir"/usr/lib/libgcj.spec + fi + + if $LIBGOMP; then + mv "$pkgdir"/usr/lib/libgomp.spec "$pkgdir"/$_gcclibdir + fi + if $LIBITM; then + mv "$pkgdir"/usr/lib/libitm.spec "$pkgdir"/$_gcclibdir + fi + + # remove ffi + rm -f "$pkgdir"/usr/lib/libffi* "$pkgdir"/usr/share/man/man3/ffi* + find "$pkgdir" -name 'ffi*.h' | xargs rm -f + + local gdblib=${_target:+$CTARGET/}lib + for i in $(find "$pkgdir"/usr/$gdblib/ -type f -maxdepth 1 -name "*-gdb.py" ); do + mkdir -p "$pkgdir"/usr/share/gdb/python/auto-load/usr/$gdblib + mv "$i" "$pkgdir"/usr/share/gdb/python/auto-load/usr/$gdblib/ + done + + paxmark -pmrs "$pkgdir"/$_gcclibexec/cc1 + + # move ada runtime libs + if $LANG_ADA; then + for i in $(find "$pkgdir"/$_gcclibdir/adalib/ -type f -maxdepth 1 -name "libgna*.so"); do + mv "$i" "$pkgdir"/usr/lib/ + ln -s ../../../../${i##*/} $i + done + fi + + if [ "$CHOST" != "$CTARGET" ]; then + # cross-gcc: remove any files that would conflict with the + # native gcc package + rm -rf "$pkgdir"/usr/bin/cc "$pkgdir"/usr/include "$pkgdir"/usr/share + # libcc1 does not depend on target, don't ship it + rm -rf "$pkgdir"/usr/lib/libcc1.so* + + # fixup gcc library symlinks to be linker scripts so + # linker finds the libs from relocated sysroot + for so in "$pkgdir"/usr/$CTARGET/lib/*.so; do + if [ -h "$so" ]; then + local _real=$(basename $(readlink "$so")) + rm -f "$so" + echo "GROUP ($_real)" > "$so" + fi + done + fi +} + +libatomic() { + pkgdesc="GCC Atomic library" + depends= + replaces="gcc" + + mkdir -p "$subpkgdir"/usr/lib + mv "$pkgdir"/usr/${_target:+$CTARGET/}lib/libatomic.so.* "$subpkgdir"/usr/lib/ +} + +libcxx() { + pkgdesc="GNU C++ standard runtime library" + depends= + + mkdir -p "$subpkgdir"/usr/lib + mv "$pkgdir"/usr/${_target:+$CTARGET/}lib/libstdc++.so.* "$subpkgdir"/usr/lib/ +} + +gpp() { + pkgdesc="GNU C++ standard library and compiler" + depends="libstdc++=$_gccrel gcc=$_gccrel libc-dev" + mkdir -p "$subpkgdir/$_gcclibexec" \ + "$subpkgdir"/usr/bin \ + "$subpkgdir"/usr/${_target:+$CTARGET/}include \ + "$subpkgdir"/usr/${_target:+$CTARGET/}lib \ + + mv "$pkgdir/$_gcclibexec/cc1plus" "$subpkgdir/$_gcclibexec/" + paxmark -pmrs "$subpkgdir/$_gcclibexec/cc1plus" + + mv "$pkgdir"/usr/${_target:+$CTARGET/}lib/*++* "$subpkgdir"/usr/${_target:+$CTARGET/}lib/ + mv "$pkgdir"/usr/${_target:+$CTARGET/}include/c++ "$subpkgdir"/usr/${_target:+$CTARGET/}include/ + mv "$pkgdir"/usr/bin/*++ "$subpkgdir"/usr/bin/ +} + +libobjc() { + pkgdesc="GNU Objective-C runtime" + replaces="objc" + depends= + mkdir -p "$subpkgdir"/usr/lib + mv "$pkgdir"/usr/${_target:+$CTARGET/}lib/libobjc.so.* "$subpkgdir"/usr/lib/ +} + +objc() { + pkgdesc="GNU Objective-C" + replaces="gcc" + depends="libc-dev gcc=$_gccrel libobjc=$_gccrel" + + mkdir -p "$subpkgdir"/$_gcclibdir/include \ + "$subpkgdir"/usr/lib + mv "$pkgdir"/$_gcclibdir/include/objc "$subpkgdir"/$_gcclibdir/include/ + mv "$pkgdir"/usr/lib/libobjc.so "$pkgdir"/usr/lib/libobjc.a \ + "$subpkgdir"/usr/lib/ +} + +libgcc() { + pkgdesc="GNU C compiler runtime libraries" + depends= + + mkdir -p "$subpkgdir"/usr/lib + mv "$pkgdir"/usr/${_target:+$CTARGET/}lib/libgcc_s.so.* "$subpkgdir"/usr/lib/ +} + +libgomp() { + pkgdesc="GCC shared-memory parallel programming API library" + depends= + replaces="gcc" + + mkdir -p "$subpkgdir"/usr/lib + mv "$pkgdir"/usr/${_target:+$CTARGET/}lib/libgomp.so.* "$subpkgdir"/usr/lib/ +} + +java() { + pkgdesc="Java support for GCC" + depends="zlib-dev gcc=$_gccrel libgcj=$_gccrel" + + paxmark -pm "$pkgdir"/$_gcclibexec/ecj1 + mkdir -p "$subpkgdir"/usr/bin "$subpkgdir"/usr/lib "$subpkgdir"/$_gcclibdir/ + cd "$pkgdir"/usr/bin + mv gcj gcj-dbtool gjavah gcjh jcf-dump "$subpkgdir"/usr/bin/ + cd "$pkgdir" + for i in $(find usr/ -name ecj1 -o -name jc1 -o -name jvgenmain); do + mkdir -p "$subpkgdir"/${i%/*} + mv "$pkgdir"/$i "$subpkgdir"/$i + done + for i in "$pkgdir"/usr/lib/libgcj*.so; do + if [ -L "$i" ]; then + mv "$i" "$subpkgdir"/usr/lib/ + fi + done + mv "$pkgdir"/usr/lib/libgij.so "$subpkgdir"/usr/lib/ + mv "$pkgdir"/usr/lib/libgcj.spec "$subpkgdir"/$_gcclibdir/ +} + +libgcj() { + pkgdesc="Java runtime library for gcc" + # libgcj_bc.so moved from gcc-java to libgcj + replaces="gcc-java" + depends= + + mkdir -p "$subpkgdir"/usr/bin + cd "$pkgdir"/usr/bin + paxmark -pmse "$pkgdir"/usr/bin/gij + mv aot-compile gappletviewer gc-analyze gij gjar gjarsigner gkeytool\ + gnative2ascii gorbd grmic grmid grmiregistry gserialver \ + gtnameserv jv-convert rebuild-gcj-db \ + "$subpkgdir"/usr/bin/ + cd "$pkgdir" + for i in $(find usr/lib -name jc1 -o -name jvgenmain); do + mkdir -p "$subpkgdir"/${i%/*} + mv "$pkgdir"/$i "$subpkgdir"/$i + done + mkdir -p "$subpkgdir"/usr/lib + mv "$pkgdir"/usr/lib/gcj-* \ + "$pkgdir"/usr/lib/libgcj_bc.so \ + "$pkgdir"/usr/lib/libgcj*.so.* \ + "$pkgdir"/usr/lib/libgij.so.* \ + "$pkgdir"/usr/lib/logging.properties \ + "$pkgdir"/usr/lib/security \ + "$subpkgdir"/usr/lib/ + + mkdir -p "$subpkgdir"/usr/share/ + mv "$pkgdir"/usr/share/java "$subpkgdir"/usr/share/ +} + +libgo() { + pkgdesc="Go runtime library for GCC" + depends= + + mkdir -p "$subpkgdir"/usr/lib + mv "$pkgdir"/usr/lib/libgo.so.* "$subpkgdir"/usr/lib/ +} + +go() { + pkgdesc="Go support for GCC" + depends="gcc=$_gccrel libgo=$_gccrel" + + mkdir -p "$subpkgdir"/$_gcclibexec \ + "$subpkgdir"/usr/lib \ + "$subpkgdir"/usr/bin + mv "$pkgdir"/usr/lib/go "$subpkgdir"/usr/lib/ + mv "$pkgdir"/usr/bin/*gccgo "$subpkgdir"/usr/bin/ + mv "$pkgdir"/$_gcclibexec/go1 "$subpkgdir"/$_gcclibexec/ + mv "$pkgdir"/usr/lib/libgo.a \ + "$pkgdir"/usr/lib/libgo.so \ + "$pkgdir"/usr/lib/libgobegin.a \ + "$subpkgdir"/usr/lib/ +} + +libgfortran() { + pkgdesc="Fortran runtime library for GCC" + depends= + + mkdir -p "$subpkgdir"/usr/lib + mv "$pkgdir"/usr/lib/libgfortran.so.* "$subpkgdir"/usr/lib/ +} + +libquadmath() { + replaces="gcc" + pkgdesc="128-bit math library for GCC" + depends= + + mkdir -p "$subpkgdir"/usr/lib + mv "$pkgdir"/usr/lib/libquadmath.so.* "$subpkgdir"/usr/lib/ +} + +gfortran() { + pkgdesc="GNU Fortran Compiler" + depends="gcc=$_gccrel libgfortran=$_gccrel" + $LIBQUADMATH && depends="$depends libquadmath=$_gccrel" + replaces="gcc" + + mkdir -p "$subpkgdir"/$_gcclibexec \ + "$subpkgdir"/$_gcclibdir \ + "$subpkgdir"/usr/lib \ + "$subpkgdir"/usr/bin + mv "$pkgdir"/usr/bin/*gfortran "$subpkgdir"/usr/bin/ + mv "$pkgdir"/usr/lib/libgfortran.a \ + "$pkgdir"/usr/lib/libgfortran.so \ + "$subpkgdir"/usr/lib/ + if $LIBQUADMATH; then + mv "$pkgdir"/usr/lib/libquadmath.a \ + "$pkgdir"/usr/lib/libquadmath.so \ + "$subpkgdir"/usr/lib/ + fi + mv "$pkgdir"/$_gcclibexec/f951 "$subpkgdir"/$_gcclibexec + mv "$pkgdir"/usr/lib/libgfortran.spec "$subpkgdir"/$_gcclibdir +} + +libgnat() { + pkgdesc="GNU Ada runtime shared libraries" + depends= + + mkdir -p "$subpkgdir"/usr/lib + mv "$pkgdir"/usr/lib/libgna*.so "$subpkgdir"/usr/lib/ +} + +gnat() { + pkgdesc="Ada support for GCC" + depends="gcc=$_gccrel" + [ "$CHOST" = "$CTARGET" ] && depends="$depends libgnat=$_gccrel" + + mkdir -p "$subpkgdir"/$_gcclibexec \ + "$subpkgdir"/$_gcclibdir \ + "$subpkgdir"/usr/bin + mv "$pkgdir"/$_gcclibexec/*gnat* "$subpkgdir"/$_gcclibexec/ + mv "$pkgdir"/$_gcclibdir/*ada* "$subpkgdir"/$_gcclibdir/ + mv "$pkgdir"/usr/bin/*gnat* "$subpkgdir"/usr/bin/ +} + +sha512sums="02c60e54527c7adf584798d5251f8a0b80c93d5deafce82501b2c28e6692e0bd783927bbfc4bc527a863c0cccc025150a34740a9e29badb02d4b48e56a8aba90 gcc-6.4.0.tar.xz +28f8c6fdbcb19e950b1d0bafb3bcc7a8cba87bc673aa6027cece116599cdee80f0cf5e95a1440544890239f5c754e8a93ab46d9daedd937faef445d7ea33b226 ecj-4.9.jar +a1335adc2fbee98e36c4437ff2587771b98ed4180726779020f65039498235626a411cdb0100dbd20cd19d12f0d94f9a21af179ff624676c28cead9d60598b5d 001_all_default-ssp-strong.patch +e36e95b81489163abd6fe9d58f7867bdca43e61143afacbfb17f4698c0b16ec5fd0061d8fab7b2ae615540bebd721c2e2227f80401b4e7fc253da9da62e6b513 002_all_default-relro.patch +f86466c62b8291fac46f9c250c7ad8fa5ab7b1cce2504442fd07ddc4543665b317ae28951f244e39aba29aeaf3fff252ec4f6a147aa16adb2b7aed747dd89188 003_all_default-fortify-source.patch +51282fea54c7e616367bbeb2479ba13fec6f24eb47bd04e2071907b3b36273b2ff24676f46ef8d22f241c8ab4857307861eee076eab66797c3a50a8ecaa1809a 005_all_default-as-needed.patch +3398386dd1e079d6545dd9799adc799c6b80e3984fac6899d0e1a7ee21b66d0c7e53cddf17a65d590c883db750f9f79aaedd857355a8b9f7fb9476c906237919 011_all_default-warn-format-security.patch +9adb0d2b9b67dd957df6c609b8714c7c078efb52cd88770905c37c67827be8fc83d1125037b9c29d77db21ce78756aa2bb0bacdb0b98d869ac126da76a298e21 012_all_default-warn-trampolines.patch +d35a3ac7e13a4446921a90e1ff3eec1079840c845f9d523c868e24ae21f94cf69ba041de5341ebef96432a6f57598e223381d4286e8fb8baaa25906707f29fbd 020_all_msgfmt-libstdc++-link.patch +840070a3c423e6206aaa6e63e1d9a0fcd6efd53626cd1240a193f0b60aa5d84216acc4a2a4fa8bce74549b07e6a316b01d638f20cea13dc62473491a302fb3d6 050_all_libiberty-asprintf.patch +0a0bc72b9366158f5d23fff1928e756fdd212433bac6ab1f00d632f241382820db8db5d475ddf11ea020eaf7e2e71b12fb9b1c3c870cf84adf6c2b16f15aabca 051_all_libiberty-pic.patch +e7a2eb1b1870e199d6fd753d065781575656fa12baa264f96c5d179689d88c31b8a3f92a5dae96088c05e96aa2bda138364ad7dbcc79e1819a102f192cbb7bab 053_all_libitm-no-fortify-source.patch +e87da18aa7ab92b02b06168658c63b42a6c73a08fad2a30f81ef6296100fdbe3c3a91548fd0cb24eaf591e862bb08e4b67249bc4b977b07da33523aee0c686bc 067_all_gcc-poison-system-directories.patch +4a328d1e1a56c20166307edcfa322068915784d9c08025b7f81cf69714da48fc266b6d34f77b9135c2f10da830d9df408276a1b78d1fd218637c2823506593c2 090_all_pr55930-dependency-tracking.patch +ef052d0c3c9642fcb5ed570069c5a49c8ef523c47ac8ce3f201a801766f72ae4ff7c3725a70ee66e52c0fb559621e35fe0cf5b88b901d71ceadd381f49653a08 201-cilkrts.patch +808e206f5e107084156fba333d4e091dcbd62f5d7756142bc292d4b0a52619f8c2aaca3617defc2f5b6552ba0439aebd33f4141329d88eab6ddf2dd637d92c08 203-libgcc_s.patch +fc0de05b36613b732a0222ea005c90653c6a40d6761b6894af2419272f4e74875f37e26af33a9b9940669ef89269c44c46d17ca5bcd54b5cd1176e5eaf2992c1 204-linux_libc_has_function.patch +98473bcaa77903a223ca9b0d2087c0921b287a2816d308cc32c8fe009e6cbf5dd1ae7fba27794ab8d9c09e117fe534413d91a464d1218474fc123ce0adfdc2c1 205-nopie.patch +3287d5b443bea8ec64132bcabe869c738ae98ea8f1a86df1c5d18c927f8816edbfcefeefc47792dbbb2bcacf50319af00e01b3735d34525913b64350770ad453 207-static-pie.patch +d08d7ead2de0429e5c9055d5b029ec2be9a8c821d22cecaf9b51f633652c493333f98963d9267fa2fa63850c50ae5eefd5f59e5910ec10d20044dac082182a8b libgcc-always-build-gcceh.a.patch +600fe5098dc54edaa9808fd5717af9dec058953f9ad37d49cfba1db4f7e9a7a8f02019342f75157fc575946fa693259422184de27b7ecc8386d9f3ecc0f7cc5d gcc-4.9-musl-fortify.patch +dbe0ee917fc7668571722364ab7c806731e3a31e8bfa30b4941b28b16b877d2a32b4a3897ef533399a28f82d43cac9b28e92de0493f0e779046db56584e07fa4 gcc-6.1-musl-libssp.patch +bda845a6aa1854d2c883910b115f79ccfa93dfc2b5eac69a3a236d83eb34cadc140731d616ffc24698c7abc8878dd15f231bcc5119f1860e575a120b311706c7 boehm-gc-musl.patch +fa62556719449caec6b2b434355bfbcaa5ae55ffe017b3e1f827f66a2aae21b79c571ee7a4ce723ea69169bc3a6447e73650991a200cc372adf2f102677518d7 gcc-pure64.patch +2253941f3d19b6d08801d3782f5f5ed56c3b73fbc9d3561a8f01c702963ac4fab91599c686076e7081eb6a80c37ccd33591ae978996d6eee1dc0ce0f1c50259a fix-gcj-stdgnu14-link.patch +f89ddeb21bc8f97e6a850a6b70b4501a8f3e49a4bc8cc82897488decda5d98ad01cb7f6c8b392d452e9579924a523bc75da6e0648c1c976d42e40af48b10343b fix-gcj-musl.patch +54d67cc008b735e47771314171930c5d8b8f5f5dc97fcf4214824c105c808f3e75d22d5a4fdf5068ed0457fa0d46c60cfb442e276259a4a5e9b8722a027d18e6 fix-gcj-iconv-musl.patch +abe9aaf9aa956058d0386a4396a511d176a46bb3906b90e952383646cdc158cbeb0a5dc616a1ccb1ca7d49fd0b5e351532aa15a3b13362abbf1ca4266f54a687 gcc-4.8-build-args.patch +35d6d59f0b7b968f282f56767c9e0823a7bdc5aa0d450aca50fbd802649a7ca608b47671244a3faa208a9b0d6832cabb5a22724157dc817b2c0ad63d09f93282 fix-cxxflags-passing.patch +9016b257abd8fa981de44a49512e35db814d1cbb47c1a87cd31c12d4ae20b13e9e149fe41691a7ec3c95bbcfde8a79194a8d2eaf547ceade3a246fad67c47dd8 ada-fixes.patch +3f5bc334d9f73d06f5f7c876738d02356acdd08958bea0e4d2095ebf15c2c2ec4e411abdae0297505ae9a1699ca01b17338e853184e84663203b192b0d35fc19 ada-shared.patch +631d4bdef6d8bde34df7978bb53ec28c3c909cf1f87139e5f148138d0f09adc58b41ecf0148bbf50fb4bc916c411e9bf8a2b6c046c75c0e77d754d8c35bcd4d7 ada-musl.patch +fa44c8158111627aa0e91c43e7cc3aa38642c2041c96532dd4f0932dae4d6f92ea2850b683abcf10e7e120299d42ea6b69adc00002a514c76be8e39e99fa052b ada-aarch64-multiarch.patch +4b4a0ff306a8ef34ff6e3284fbfca869012164a47ba7cb099085c1dd03e6ca0cdd462f82710e08c9a02895adc7484e4c5eef17b5aa264cf5d978fe8ad78eea93 300-main-gcc-add-musl-s390x-dynamic-linker.patch +385bc2fa50204f678964e5148c6170f572701dab920fbec8301f505bda34d182cde0adb7da042fee71719e12fb59f59181897f9b1bb4f4716ff59aad46ca1998 310-build-gcj-s390x.patch +f4ef08454e28c8732db69115e4998ec153399e8d229dd27f923dbdcf57b68128a65640d026cc7f45b58ba8764ab1eb575d4eb6d6dfc550a87a183f8b94e76181 320-libffi-gnulinux.patch +01c71cd5881fc07ea3b9b980697e89b3ca0fe98502958ceafc3fca18b2604c844e2f457feab711baf8e03f00a5383b0e38aac7eb954034e306f43d4a37f165ed fix-rs6000-pie.patch +68483be0f4daa56bff9f1b4ddcbc9db9087bc0a459388c916dd36746ce20558e092116c3d2eac3daa4512978270901504a6ec6b2aa589e81864e6f236e5d9639 add-classic_table-support.patch" diff --git a/system/gcc/ada-aarch64-multiarch.patch b/system/gcc/ada-aarch64-multiarch.patch new file mode 100644 index 000000000..ac60b6f6a --- /dev/null +++ b/system/gcc/ada-aarch64-multiarch.patch @@ -0,0 +1,16 @@ +--- gcc-6.4.0/gcc/ada/gcc-interface/Makefile.in.orig ++++ gcc-6.4.0/gcc/ada/gcc-interface/Makefile.in +@@ -2042,13 +2042,8 @@ + system.ads<system-linux-x86_64.ads + ## ^^ Note the above is a pretty-close placeholder. + +- ifneq (,$(or $(filter aarch64-linux-gnu, $(shell $(GCC_FOR_TARGET) $(GNATLIBCFLAGS) -print-multiarch)), $(filter ../lib64, $(shell $(GCC_FOR_TARGET) $(GNATLIBCFLAGS) -print-multi-os-directory)))) + LIBGNAT_TARGET_PAIRS = \ + $(LIBGNAT_TARGET_PAIRS_COMMON) $(LIBGNAT_TARGET_PAIRS_64) +- else +- LIBGNAT_TARGET_PAIRS = \ +- $(LIBGNAT_TARGET_PAIRS_COMMON) $(LIBGNAT_TARGET_PAIRS_32) +- endif + + TOOLS_TARGET_PAIRS = \ + mlib-tgt-specific.adb<mlib-tgt-specific-linux.adb \ diff --git a/system/gcc/ada-fixes.patch b/system/gcc/ada-fixes.patch new file mode 100644 index 000000000..ba4ea42b4 --- /dev/null +++ b/system/gcc/ada-fixes.patch @@ -0,0 +1,35 @@ +--- gcc-6.1.0.orig/gcc/ada/cal.c ++++ gcc-6.1.0/gcc/ada/cal.c +@@ -49,6 +49,7 @@ + #include <time.h> + #else + #include <sys/time.h> ++#include <time.h> + #endif + + #ifdef __MINGW32__ +--- gcc-6.1.0.orig/gcc/ada/terminals.c ++++ gcc-6.1.0/gcc/ada/terminals.c +@@ -1068,13 +1068,6 @@ + #include <stdio.h> + #include <stdlib.h> + +-/* On some system termio is either absent or including it will disable termios +- (HP-UX) */ +-#if !defined (__hpux__) && !defined (BSD) && !defined (__APPLE__) \ +- && !defined (__rtems__) +-# include <termio.h> +-#endif +- + #include <sys/ioctl.h> + #include <termios.h> + #include <fcntl.h> +@@ -1169,7 +1162,7 @@ + char *slave_name = NULL; + + #ifdef USE_GETPT +- master_fd = getpt (); ++ master_fd = posix_openpt (O_RDWR); + #elif defined (USE_OPENPTY) + status = openpty (&master_fd, &slave_fd, NULL, NULL, NULL); + #elif defined (USE_CLONE_DEVICE) diff --git a/system/gcc/ada-musl.patch b/system/gcc/ada-musl.patch new file mode 100644 index 000000000..464c3d57d --- /dev/null +++ b/system/gcc/ada-musl.patch @@ -0,0 +1,137 @@ +diff -rup gcc-5.1.0/gcc.orig/ada/adaint.c gcc-5.1.0/gcc/ada/adaint.c +--- gcc-5.1.0/gcc.orig/ada/adaint.c 2015-02-20 11:48:57.000000000 +0000 ++++ gcc-5.1.0/gcc/ada/adaint.c 2015-06-02 10:47:51.672767476 +0000 +@@ -70,6 +70,11 @@ + #include <sys/param.h> + #include <sys/pstat.h> + #endif ++ ++#if defined (linux) ++#define _GNU_SOURCE 1 ++#include <sched.h> ++#endif + + #ifdef __PikeOS__ + #define __BSD_VISIBLE 1 +@@ -3057,8 +3062,6 @@ __gnat_lwp_self (void) + return (void *) syscall (__NR_gettid); + } + +-#include <sched.h> +- + /* glibc versions earlier than 2.7 do not define the routines to handle + dynamically allocated CPU sets. For these targets, we use the static + versions. */ +@@ -3067,7 +3070,7 @@ __gnat_lwp_self (void) + + /* Dynamic cpu sets */ + +-cpu_set_t * ++void * + __gnat_cpu_alloc (size_t count) + { + return CPU_ALLOC (count); +@@ -3080,33 +3083,33 @@ __gnat_cpu_alloc_size (size_t count) + } + + void +-__gnat_cpu_free (cpu_set_t *set) ++__gnat_cpu_free (void *set) + { +- CPU_FREE (set); ++ CPU_FREE ((cpu_set_t *) set); + } + + void +-__gnat_cpu_zero (size_t count, cpu_set_t *set) ++__gnat_cpu_zero (size_t count, void *set) + { +- CPU_ZERO_S (count, set); ++ CPU_ZERO_S (count, (cpu_set_t *) set); + } + + void +-__gnat_cpu_set (int cpu, size_t count, cpu_set_t *set) ++__gnat_cpu_set (int cpu, size_t count, void *set) + { + /* Ada handles CPU numbers starting from 1, while C identifies the first + CPU by a 0, so we need to adjust. */ +- CPU_SET_S (cpu - 1, count, set); ++ CPU_SET_S (cpu - 1, count, (cpu_set_t *) set); + } + + #else /* !CPU_ALLOC */ + + /* Static cpu sets */ + +-cpu_set_t * ++void * + __gnat_cpu_alloc (size_t count ATTRIBUTE_UNUSED) + { +- return (cpu_set_t *) xmalloc (sizeof (cpu_set_t)); ++ return xmalloc (sizeof (cpu_set_t)); + } + + size_t +@@ -3116,23 +3119,23 @@ __gnat_cpu_alloc_size (size_t count ATTR + } + + void +-__gnat_cpu_free (cpu_set_t *set) ++__gnat_cpu_free (void *set) + { + free (set); + } + + void +-__gnat_cpu_zero (size_t count ATTRIBUTE_UNUSED, cpu_set_t *set) ++__gnat_cpu_zero (size_t count ATTRIBUTE_UNUSED, void *set) + { +- CPU_ZERO (set); ++ CPU_ZERO ((cpu_set_t *) set); + } + + void +-__gnat_cpu_set (int cpu, size_t count ATTRIBUTE_UNUSED, cpu_set_t *set) ++__gnat_cpu_set (int cpu, size_t count ATTRIBUTE_UNUSED, void *set) + { + /* Ada handles CPU numbers starting from 1, while C identifies the first + CPU by a 0, so we need to adjust. */ +- CPU_SET (cpu - 1, set); ++ CPU_SET (cpu - 1, (cpu_set_t *) set); + } + #endif /* !CPU_ALLOC */ + #endif /* linux */ +diff -rup gcc-5.1.0/gcc.orig/ada/adaint.h gcc-5.1.0/gcc/ada/adaint.h +--- gcc-5.1.0/gcc.orig/ada/adaint.h 2015-01-27 17:20:27.000000000 +0000 ++++ gcc-5.1.0/gcc/ada/adaint.h 2015-06-02 10:47:23.188910894 +0000 +@@ -287,13 +287,11 @@ extern void *__gnat_lwp_self (voi + + /* Routines for interface to required CPU set primitives */ + +-#include <sched.h> +- +-extern cpu_set_t *__gnat_cpu_alloc (size_t); ++extern void * __gnat_cpu_alloc (size_t); + extern size_t __gnat_cpu_alloc_size (size_t); +-extern void __gnat_cpu_free (cpu_set_t *); +-extern void __gnat_cpu_zero (size_t, cpu_set_t *); +-extern void __gnat_cpu_set (int, size_t, cpu_set_t *); ++extern void __gnat_cpu_free (void *); ++extern void __gnat_cpu_zero (size_t, void *); ++extern void __gnat_cpu_set (int, size_t, void *); + #endif + + #if defined (_WIN32) +diff -rup gcc-5.1.0/gcc.orig/ada/gcc-interface/Makefile.in gcc-5.1.0/gcc/ada/gcc-interface/Makefile.in +--- gcc-5.1.0/gcc.orig/ada/gcc-interface/Makefile.in 2015-04-09 20:29:28.000000000 +0000 ++++ gcc-5.1.0/gcc/ada/gcc-interface/Makefile.in 2015-06-02 10:47:23.188910894 +0000 +@@ -1910,7 +1910,7 @@ ifeq ($(strip $(filter-out powerpc% linu + endif + + # ARM linux, GNU eabi +-ifeq ($(strip $(filter-out arm% linux-gnueabi%,$(target_cpu) $(target_os))),) ++ifeq ($(strip $(filter-out arm% linux-gnueabi% linux-musleabi% linux-muslgnueabi%,$(target_cpu) $(target_os))),) + LIBGNAT_TARGET_PAIRS = \ + a-intnam.ads<a-intnam-linux.ads \ + s-inmaop.adb<s-inmaop-posix.adb \ diff --git a/system/gcc/ada-shared.patch b/system/gcc/ada-shared.patch new file mode 100644 index 000000000..6f1c16aff --- /dev/null +++ b/system/gcc/ada-shared.patch @@ -0,0 +1,30 @@ +Index: b/gcc/ada/link.c +=================================================================== +--- a/gcc/ada/link.c ++++ b/gcc/ada/link.c +@@ -105,9 +105,9 @@ + + #elif defined (__FreeBSD__) + const char *__gnat_object_file_option = "-Wl,@"; +-const char *__gnat_run_path_option = "-Wl,-rpath,"; +-char __gnat_shared_libgnat_default = STATIC; +-char __gnat_shared_libgcc_default = STATIC; ++const char *__gnat_run_path_option = ""; ++char __gnat_shared_libgnat_default = SHARED; ++char __gnat_shared_libgcc_default = SHARED; + int __gnat_link_max = 8192; + unsigned char __gnat_objlist_file_supported = 1; + const char *__gnat_object_library_extension = ".a"; +@@ -127,9 +127,9 @@ + + #elif defined (linux) || defined(__GLIBC__) + const char *__gnat_object_file_option = "-Wl,@"; +-const char *__gnat_run_path_option = "-Wl,-rpath,"; +-char __gnat_shared_libgnat_default = STATIC; +-char __gnat_shared_libgcc_default = STATIC; ++const char *__gnat_run_path_option = ""; ++char __gnat_shared_libgnat_default = SHARED; ++char __gnat_shared_libgcc_default = SHARED; + int __gnat_link_max = 8192; + unsigned char __gnat_objlist_file_supported = 1; + const char *__gnat_object_library_extension = ".a"; diff --git a/system/gcc/add-classic_table-support.patch b/system/gcc/add-classic_table-support.patch new file mode 100644 index 000000000..0f5e0f8e3 --- /dev/null +++ b/system/gcc/add-classic_table-support.patch @@ -0,0 +1,151 @@ +--- gcc-6.4.0/libstdc++-v3/config/os/generic/ctype_base.h.old 2016-01-04 08:30:50.652828000 -0600 ++++ gcc-6.4.0/libstdc++-v3/config/os/generic/ctype_base.h 2017-10-16 07:51:26.226276759 -0500 +@@ -40,19 +40,27 @@ + + // NB: Offsets into ctype<char>::_M_table force a particular size + // on the mask type. Because of this, we don't use an enum. +- typedef unsigned int mask; +- static const mask upper = 1 << 0; +- static const mask lower = 1 << 1; +- static const mask alpha = 1 << 2; +- static const mask digit = 1 << 3; +- static const mask xdigit = 1 << 4; +- static const mask space = 1 << 5; +- static const mask print = 1 << 6; +- static const mask graph = (1 << 2) | (1 << 3) | (1 << 9); // alnum|punct +- static const mask cntrl = 1 << 8; +- static const mask punct = 1 << 9; +- static const mask alnum = (1 << 2) | (1 << 3); // alpha|digit +- static const mask blank = 1 << 10; ++ typedef unsigned short int mask; ++/* horrible ugly code from glibc */ ++#ifndef _ISbit ++# if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ ++# define _ISbit(i) (1 << (i)) ++# else ++# define _ISbit(i) (i < 8 ? (1 << i << 8) : (1 << i >> 8)) ++# endif ++#endif ++ static const mask upper = _ISbit(0); ++ static const mask lower = _ISbit(1); ++ static const mask alpha = _ISbit(2); ++ static const mask digit = _ISbit(3); ++ static const mask xdigit = _ISbit(4); ++ static const mask space = _ISbit(5); ++ static const mask print = _ISbit(6); ++ static const mask graph = _ISbit(7); ++ static const mask cntrl = _ISbit(9); ++ static const mask punct = _ISbit(10); ++ static const mask alnum = _ISbit(11); ++ static const mask blank = _ISbit(8); + }; + + _GLIBCXX_END_NAMESPACE_VERSION +--- gcc-6.4.0/libstdc++-v3/config/os/generic/ctype_configure_char.cc.old 2016-01-04 08:30:50.652828000 -0600 ++++ gcc-6.4.0/libstdc++-v3/config/os/generic/ctype_configure_char.cc 2017-10-16 08:37:57.986260218 -0500 +@@ -40,7 +40,104 @@ + + const ctype_base::mask* + ctype<char>::classic_table() throw() +- { return 0; } ++ { ++ static ctype_base::mask mask[256] = { ++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, ++ cntrl, cntrl | print | space, cntrl, cntrl, cntrl, cntrl | print, cntrl, cntrl, ++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, ++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, ++ print | space | blank, ++ print | punct | graph, print | punct | graph, ++ print | punct | graph, print | punct | graph, ++ print | punct | graph, print | punct | graph, ++ print | punct | graph, print | punct | graph, ++ print | punct | graph, print | punct | graph, ++ print | punct | graph, print | punct | graph, ++ print | punct | graph, print | punct | graph, ++ print | punct | graph, ++ print | graph | alnum | digit | xdigit, print | graph | alnum | digit | xdigit, ++ print | graph | alnum | digit | xdigit, print | graph | alnum | digit | xdigit, ++ print | graph | alnum | digit | xdigit, print | graph | alnum | digit | xdigit, ++ print | graph | alnum | digit | xdigit, print | graph | alnum | digit | xdigit, ++ print | graph | alnum | digit | xdigit, print | graph | alnum | digit | xdigit, ++ print | punct | graph, print | punct | graph, ++ print | graph, print | graph, print | graph, ++ print | punct | graph, print | graph, ++ print | graph | alnum | xdigit | alpha | upper, ++ print | graph | alnum | xdigit | alpha | upper, ++ print | graph | alnum | xdigit | alpha | upper, ++ print | graph | alnum | xdigit | alpha | upper, ++ print | graph | alnum | xdigit | alpha | upper, ++ print | graph | alnum | xdigit | alpha | upper, ++ print | graph | alnum | alpha | upper, ++ print | graph | alnum | alpha | upper, ++ print | graph | alnum | alpha | upper, ++ print | graph | alnum | alpha | upper, ++ print | graph | alnum | alpha | upper, ++ print | graph | alnum | alpha | upper, ++ print | graph | alnum | alpha | upper, ++ print | graph | alnum | alpha | upper, ++ print | graph | alnum | alpha | upper, ++ print | graph | alnum | alpha | upper, ++ print | graph | alnum | alpha | upper, ++ print | graph | alnum | alpha | upper, ++ print | graph | alnum | alpha | upper, ++ print | graph | alnum | alpha | upper, ++ print | graph | alnum | alpha | upper, ++ print | graph | alnum | alpha | upper, ++ print | graph | alnum | alpha | upper, ++ print | graph | alnum | alpha | upper, ++ print | graph | alnum | alpha | upper, ++ print | graph | alnum | alpha | upper, ++ print | graph, print | graph, print | graph, ++ print | graph, print | graph, print | graph, ++ print | graph | alnum | xdigit | alpha | lower, ++ print | graph | alnum | xdigit | alpha | lower, ++ print | graph | alnum | xdigit | alpha | lower, ++ print | graph | alnum | xdigit | alpha | lower, ++ print | graph | alnum | xdigit | alpha | lower, ++ print | graph | alnum | xdigit | alpha | lower, ++ print | graph | alnum | alpha | lower, ++ print | graph | alnum | alpha | lower, ++ print | graph | alnum | alpha | lower, ++ print | graph | alnum | alpha | lower, ++ print | graph | alnum | alpha | lower, ++ print | graph | alnum | alpha | lower, ++ print | graph | alnum | alpha | lower, ++ print | graph | alnum | alpha | lower, ++ print | graph | alnum | alpha | lower, ++ print | graph | alnum | alpha | lower, ++ print | graph | alnum | alpha | lower, ++ print | graph | alnum | alpha | lower, ++ print | graph | alnum | alpha | lower, ++ print | graph | alnum | alpha | lower, ++ print | graph | alnum | alpha | lower, ++ print | graph | alnum | alpha | lower, ++ print | graph | alnum | alpha | lower, ++ print | graph | alnum | alpha | lower, ++ print | graph | alnum | alpha | lower, ++ print | graph | alnum | alpha | lower, ++ print | graph, print | graph, print | graph, print | graph, ++ print, ++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, ++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, ++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, ++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, ++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, ++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, ++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, ++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, ++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, ++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, ++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, ++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, ++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, ++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, ++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, ++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl ++ }; ++ return mask; ++ } + + ctype<char>::ctype(__c_locale, const mask* __table, bool __del, + size_t __refs) diff --git a/system/gcc/boehm-gc-musl.patch b/system/gcc/boehm-gc-musl.patch new file mode 100644 index 000000000..2f106cba1 --- /dev/null +++ b/system/gcc/boehm-gc-musl.patch @@ -0,0 +1,62 @@ +--- gcc-4.8.1/boehm-gc/os_dep.c.orig 2013-09-17 07:46:00.969884340 +0000 ++++ gcc-4.8.1/boehm-gc/os_dep.c 2013-09-17 06:53:53.629884946 +0000 +@@ -26,7 +26,7 @@ + # define __KERNEL__ + # include <asm/signal.h> + # undef __KERNEL__ +-# else ++# elif defined(__GLIBC__) + /* Kernels prior to 2.1.1 defined struct sigcontext_struct instead of */ + /* struct sigcontext. libc6 (glibc2) uses "struct sigcontext" in */ + /* prototypes, so we have to include the top-level sigcontext.h to */ +--- gcc-4.8.2/boehm-gc/dyn_load.c.orig 2014-02-17 14:13:09.519850231 +0200 ++++ gcc-4.8.2/boehm-gc/dyn_load.c 2014-02-17 14:14:27.906093514 +0200 +@@ -459,9 +459,7 @@ + /* For glibc 2.2.4+. Unfortunately, it doesn't work for older */ + /* versions. Thanks to Jakub Jelinek for most of the code. */ + +-# if (defined(LINUX) || defined (__GLIBC__)) /* Are others OK here, too? */ \ +- && (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ > 2) \ +- || (__GLIBC__ == 2 && __GLIBC_MINOR__ == 2 && defined(DT_CONFIG))) ++# if (defined(LINUX) || defined (__GLIBC__)) + + /* We have the header files for a glibc that includes dl_iterate_phdr. */ + /* It may still not be available in the library on the target system. */ +--- gcc-4.8.2/boehm-gc/include/private/gcconfig.h.orig 2014-02-17 14:14:36.026049422 +0200 ++++ gcc-4.8.2/boehm-gc/include/private/gcconfig.h 2014-02-17 14:17:11.345207887 +0200 +@@ -684,7 +684,7 @@ + # ifdef __ELF__ + # define DYNAMIC_LOADING + # include <features.h> +-# if defined(__GLIBC__)&& __GLIBC__>=2 ++# if 1 + # define SEARCH_FOR_DATA_START + # else /* !GLIBC2 */ + extern char **__environ; +@@ -1147,7 +1147,7 @@ + # define DATASTART ((ptr_t)((((word) (_etext)) + 0xfff) & ~0xfff)) + # endif + # include <features.h> +-# if defined(__GLIBC__) && __GLIBC__ >= 2 ++# if 1 + # define SEARCH_FOR_DATA_START + # else + extern char **__environ; +@@ -1367,7 +1367,7 @@ + # define HBLKSIZE 4096 + # endif + # define USE_GENERIC_PUSH_REGS +-# if __GLIBC__ == 2 && __GLIBC_MINOR__ >= 2 || __GLIBC__ > 2 ++# if 1 + # define LINUX_STACKBOTTOM + # else + # define STACKBOTTOM 0x80000000 +@@ -1858,7 +1858,7 @@ + # ifdef __ELF__ + # define DYNAMIC_LOADING + # include <features.h> +-# if defined(__GLIBC__) && __GLIBC__ >= 2 ++# if 1 + # define SEARCH_FOR_DATA_START + # else + extern char **__environ; diff --git a/system/gcc/fix-cxxflags-passing.patch b/system/gcc/fix-cxxflags-passing.patch new file mode 100644 index 000000000..8eb1de77d --- /dev/null +++ b/system/gcc/fix-cxxflags-passing.patch @@ -0,0 +1,10 @@ +--- gcc-4.8.1/Makefile.in.orig ++++ gcc-4.8.1/Makefile.in +@@ -169,6 +169,7 @@ + # built for the build system to override those in BASE_FLAGS_TO_PASSS. + EXTRA_BUILD_FLAGS = \ + CFLAGS="$(CFLAGS_FOR_BUILD)" \ ++ CXXFLAGS="$(CXXFLAGS_FOR_BUILD)" \ + LDFLAGS="$(LDFLAGS_FOR_BUILD)" + + # This is the list of directories to built for the host system. diff --git a/system/gcc/fix-gcj-iconv-musl.patch b/system/gcc/fix-gcj-iconv-musl.patch new file mode 100644 index 000000000..b0015751e --- /dev/null +++ b/system/gcc/fix-gcj-iconv-musl.patch @@ -0,0 +1,120 @@ +--- gcc-4.8.2/libjava/gnu/gcj/convert/natIconv.cc.orig 2014-02-18 18:46:14.897880526 +0200 ++++ gcc-4.8.2/libjava/gnu/gcj/convert/natIconv.cc 2014-02-18 18:50:08.766613550 +0200 +@@ -24,6 +24,13 @@ + + #ifdef HAVE_ICONV + #include <iconv.h> ++#include <endian.h> ++ ++#if __BYTE_ORDER == __BIG_ENDIAN ++#define UCS2_CHARSET "UCS-2BE" ++#else ++#define UCS2_CHARSET "UCS-2LE" ++#endif + + template<typename T> + static inline size_t +@@ -45,7 +52,7 @@ + _Jv_GetStringUTFRegion (encoding, 0, encoding->length(), buffer); + buffer[len] = '\0'; + +- iconv_t h = iconv_open ("UCS-2", buffer); ++ iconv_t h = iconv_open (UCS2_CHARSET, buffer); + if (h == (iconv_t) -1) + throw new ::java::io::UnsupportedEncodingException (encoding); + +@@ -99,18 +106,6 @@ + throw new ::java::io::CharConversionException (); + } + +- if (iconv_byte_swap) +- { +- size_t max = (old_out - outavail) / sizeof (jchar); +- for (size_t i = 0; i < max; ++i) +- { +- // Byte swap. +- jchar c = (((out[outpos + i] & 0xff) << 8) +- | ((out[outpos + i] >> 8) & 0xff)); +- outbuf[i] = c; +- } +- } +- + inpos += old_in - inavail; + return (old_out - outavail) / sizeof (jchar); + #else /* HAVE_ICONV */ +@@ -145,7 +140,7 @@ + _Jv_GetStringUTFRegion (encoding, 0, encoding->length(), buffer); + buffer[len] = '\0'; + +- iconv_t h = iconv_open (buffer, "UCS-2"); ++ iconv_t h = iconv_open (buffer, UCS2_CHARSET); + if (h == (iconv_t) -1) + throw new ::java::io::UnsupportedEncodingException (encoding); + +@@ -187,20 +182,6 @@ + char *inbuf = (char *) &chars[inpos]; + char *outbuf = (char *) &out[count]; + +- if (iconv_byte_swap) +- { +- // Ugly performance penalty -- don't use losing systems! +- temp_buffer = (jchar *) _Jv_Malloc (inlength * sizeof (jchar)); +- for (int i = 0; i < inlength; ++i) +- { +- // Byte swap. +- jchar c = (((chars[inpos + i] & 0xff) << 8) +- | ((chars[inpos + i] >> 8) & 0xff)); +- temp_buffer[i] = c; +- } +- inbuf = (char *) temp_buffer; +- } +- + size_t loop_old_in = old_in; + while (1) + { +@@ -252,44 +233,7 @@ + jboolean + gnu::gcj::convert::IOConverter::iconv_init (void) + { +- // Some versions of iconv() always return their UCS-2 results in +- // big-endian order, and they also require UCS-2 inputs to be in +- // big-endian order. For instance, glibc 2.1.3 does this. If the +- // UTF-8=>UCS-2 iconv converter has this feature, then we assume +- // that all UCS-2 converters do. (This might not be the best +- // heuristic, but is is all we've got.) +- jboolean result = false; +-#ifdef HAVE_ICONV +- iconv_t handle = iconv_open ("UCS-2", "UTF-8"); +- if (handle != (iconv_t) -1) +- { +- jchar c; +- unsigned char in[4]; +- char *inp, *outp; +- size_t inc, outc, r; +- +- // This is the UTF-8 encoding of \ufeff. At least Tru64 UNIX libiconv +- // needs the trailing NUL byte, otherwise iconv fails with EINVAL. +- in[0] = 0xef; +- in[1] = 0xbb; +- in[2] = 0xbf; +- in[3] = 0x00; +- +- inp = (char *) in; +- inc = 4; +- outp = (char *) &c; +- outc = 2; +- +- r = iconv_adapter (iconv, handle, &inp, &inc, &outp, &outc); +- // Conversion must be complete for us to use the result. +- if (r != (size_t) -1 && inc == 0 && outc == 0) +- result = (c != 0xfeff); +- +- // Release iconv handle. +- iconv_close (handle); +- } +-#endif /* HAVE_ICONV */ +- return result; ++ return false; + } + + void diff --git a/system/gcc/fix-gcj-musl.patch b/system/gcc/fix-gcj-musl.patch new file mode 100644 index 000000000..d26f510c0 --- /dev/null +++ b/system/gcc/fix-gcj-musl.patch @@ -0,0 +1,49 @@ +--- gcc-4.8.2/libjava/gnu/classpath/natSystemProperties.cc.orig 2014-02-18 10:55:08.617678779 +0200 ++++ gcc-4.8.2/libjava/gnu/classpath/natSystemProperties.cc 2014-02-18 10:56:31.927227453 +0200 +@@ -289,7 +289,7 @@ + // just default to `en_US'. + setlocale (LC_ALL, ""); + char *locale = setlocale (LC_MESSAGES, ""); +- if (locale && strlen (locale) >= 2) ++ if (locale && strlen (locale) >= 2 && (locale[2] == '\0' || locale[2] == '_')) + { + char buf[3]; + buf[2] = '\0'; +--- gcc-4.8.2/libjava/posix-threads.cc.orig 2014-02-18 13:22:01.789933726 +0200 ++++ gcc-4.8.2/libjava/posix-threads.cc 2014-02-18 13:29:50.924058875 +0200 +@@ -657,6 +657,7 @@ + struct sched_param param; + pthread_attr_t attr; + struct starter *info; ++ size_t ss; + + if (data->flags & FLAG_START) + return; +@@ -675,8 +676,25 @@ + // Set stack size if -Xss option was given. + if (gcj::stack_size > 0) + { +- int e = pthread_attr_setstacksize (&attr, gcj::stack_size); ++ ss = gcj::stack_size; ++ } ++ else ++ { ++ int e = pthread_attr_getstacksize (&attr, &ss); ++ if (e != 0) ++ JvFail (strerror (e)); ++ ++ // Request at least 1meg of stack ++ if (ss >= 1024 * 1024) ++ ss = 0; ++ else ++ ss = 1024 * 1024; ++ } ++ ++ if (ss) ++ { ++ int e = pthread_attr_setstacksize (&attr, ss); + if (e != 0) + JvFail (strerror (e)); + } + + info = (struct starter *) _Jv_AllocBytes (sizeof (struct starter)); diff --git a/system/gcc/fix-gcj-stdgnu14-link.patch b/system/gcc/fix-gcj-stdgnu14-link.patch new file mode 100644 index 000000000..2b2ce0fa5 --- /dev/null +++ b/system/gcc/fix-gcj-stdgnu14-link.patch @@ -0,0 +1,35 @@ +--- gcc-6.1.0/libjava/Makefile.am ++++ gcc-6.1.0/libjava/Makefile.am +@@ -488,10 +488,14 @@ + nat_files = $(nat_source_files:.cc=.lo) + xlib_nat_files = $(xlib_nat_source_files:.cc=.lo) + ++libgcj_la_CPPFLAGS = \ ++ $(AM_CPPFLAGS) \ ++ $(LIBSTDCXX_RAW_CXX_CXXFLAGS) ++ + # Include THREADLIBS here to ensure that the correct version of + # certain linuxthread functions get linked: + ## The mysterious backslash in the grep pattern is consumed by make. +-libgcj_la_LDFLAGS = -rpath $(toolexeclibdir) $(THREADLDFLAGS) $(extra_ldflags) $(THREADLIBS) \ ++libgcj_la_LDFLAGS = $(LIBSTDCXX_RAW_CXX_LDFLAGS) -rpath $(toolexeclibdir) $(THREADLDFLAGS) $(extra_ldflags) $(THREADLIBS) \ + $(LIBLTDL) $(SYS_ZLIBS) $(LIBJAVA_LDFLAGS_NOUNDEF) \ + -version-info `grep -v '^\#' $(srcdir)/libtool-version` \ + $(LIBGCJ_LD_SYMBOLIC_FUNCTIONS) $(LIBGCJ_LD_EXPORT_ALL) +--- gcc-6.1.0/libjava/Makefile.in ++++ gcc-6.1.0/libjava/Makefile.in +@@ -1103,9 +1103,13 @@ + nat_files = $(nat_source_files:.cc=.lo) + xlib_nat_files = $(xlib_nat_source_files:.cc=.lo) + ++libgcj_la_CPPFLAGS = \ ++ $(AM_CPPFLAGS) \ ++ $(LIBSTDCXX_RAW_CXX_CXXFLAGS) ++ + # Include THREADLIBS here to ensure that the correct version of + # certain linuxthread functions get linked: +-libgcj_la_LDFLAGS = -rpath $(toolexeclibdir) $(THREADLDFLAGS) $(extra_ldflags) $(THREADLIBS) \ ++libgcj_la_LDFLAGS = $(LIBSTDCXX_RAW_CXX_LDFLAGS) -rpath $(toolexeclibdir) $(THREADLDFLAGS) $(extra_ldflags) $(THREADLIBS) \ + $(LIBLTDL) $(SYS_ZLIBS) $(LIBJAVA_LDFLAGS_NOUNDEF) \ + -version-info `grep -v '^\#' $(srcdir)/libtool-version` \ + $(LIBGCJ_LD_SYMBOLIC_FUNCTIONS) $(LIBGCJ_LD_EXPORT_ALL) diff --git a/system/gcc/fix-rs6000-pie.patch b/system/gcc/fix-rs6000-pie.patch new file mode 100644 index 000000000..1fbc31a56 --- /dev/null +++ b/system/gcc/fix-rs6000-pie.patch @@ -0,0 +1,59 @@ +--- gcc-6.3.0.orig/gcc/config/rs6000/sysv4.h ++++ gcc-6.3.0/gcc/config/rs6000/sysv4.h +@@ -753,23 +753,42 @@ + #endif + + #ifdef HAVE_LD_PIE +-#define STARTFILE_LINUX_SPEC "\ +-%{!shared: %{pg|p|profile:gcrt1.o%s;pie:Scrt1.o%s;:crt1.o%s}} \ +-%{mnewlib:ecrti.o%s;:crti.o%s} \ +-%{static:crtbeginT.o%s;shared|pie:crtbeginS.o%s;:crtbegin.o%s} \ +-" CRTOFFLOADBEGIN ++#define STARTFILE_LINUX_SPEC \ ++ "%{!shared: %{pg|p|profile:gcrt1.o%s;: \ ++ %{" PIE_SPEC ":%{static:rcrt1.o%s;:Scrt1.o%s}} %{" NO_PIE_SPEC ":crt1.o%s}}} \ ++ crti.o%s %{shared:crtbeginS.o%s;: \ ++ %{" PIE_SPEC ":crtbeginS.o%s} \ ++ %{" NO_PIE_SPEC ":%{static:crtbeginT.o%s;:crtbegin.o%s}}} \ ++ %{fvtable-verify=none:%s; \ ++ fvtable-verify=preinit:vtv_start_preinit.o%s; \ ++ fvtable-verify=std:vtv_start.o%s} \ ++ " CRTOFFLOADBEGIN + #else +-#define STARTFILE_LINUX_SPEC "\ +-%{!shared: %{pg|p|profile:gcrt1.o%s;:crt1.o%s}} \ +-%{mnewlib:ecrti.o%s;:crti.o%s} \ +-%{static:crtbeginT.o%s;shared|pie:crtbeginS.o%s;:crtbegin.o%s} \ +-" CRTOFFLOADBEGIN ++#define STARTFILE_LINUX_SPEC \ ++ "%{!shared: %{pg|p|profile:gcrt1.o%s;:crt1.o%s}} \ ++ crti.o%s %{static:crtbeginT.o%s;shared|pie:crtbeginS.o%s;:crtbegin.o%s} \ ++ %{fvtable-verify=none:%s; \ ++ fvtable-verify=preinit:vtv_start_preinit.o%s; \ ++ fvtable-verify=std:vtv_start.o%s} \ ++ " CRTOFFLOADBEGIN + #endif + +-#define ENDFILE_LINUX_SPEC "\ +-%{shared|pie:crtendS.o%s;:crtend.o%s} \ +-%{mnewlib:ecrtn.o%s;:crtn.o%s} \ +-" CRTOFFLOADEND ++#ifdef HAVE_LD_PIE ++#define ENDFILE_LINUX_SPEC \ ++ "%{fvtable-verify=none:%s; \ ++ fvtable-verify=preinit:vtv_end_preinit.o%s; \ ++ fvtable-verify=std:vtv_end.o%s} \ ++ %{shared:crtendS.o%s;: %{" PIE_SPEC ":crtendS.o%s} \ ++ %{" NO_PIE_SPEC ":crtend.o%s}} crtn.o%s \ ++ " CRTOFFLOADEND ++#else ++#define ENDFILE_LINUX_SPEC \ ++ "%{fvtable-verify=none:%s; \ ++ fvtable-verify=preinit:vtv_end_preinit.o%s; \ ++ fvtable-verify=std:vtv_end.o%s} \ ++ %{shared|pie:crtendS.o%s;:crtend.o%s} crtn.o%s \ ++ " CRTOFFLOADEND ++#endif + + #define LINK_START_LINUX_SPEC "" + diff --git a/system/gcc/gcc-4.8-build-args.patch b/system/gcc/gcc-4.8-build-args.patch new file mode 100644 index 000000000..c27e00961 --- /dev/null +++ b/system/gcc/gcc-4.8-build-args.patch @@ -0,0 +1,41 @@ +When cross compiling a target gcc, target flags may be used on the host + +Configure identifies a number of warning flags (WARN_CFLAGS and +WARN_CXXFLAGS) from the $CC value. The cross compiler may be different +from the host compiler and may not support the same set of flags. This +leads to problems such as: + +cc1plus: error: unrecognized command line option "-Wno-narrowing" +cc1plus: error: unrecognized command line option "-Wno-overlength-strings" + +Work around this problem by removing the warning flags from the +BUILD_CXXFLAGS value, in a way similar to the BUILD_CFLAGS. + +Upstream-Status: Pending + +Signed-off-by: Mark Hatle <mark.hatle@windriver.com> + +Index: gcc-4.8.0/gcc/configure +=================================================================== +--- gcc-4.8.0.orig/gcc/configure ++++ gcc-4.8.0/gcc/configure +@@ -11720,6 +10581,7 @@ STMP_FIXINC=stmp-fixinc + if test x$build != x$host || test "x$coverage_flags" != x + then + BUILD_CFLAGS='$(INTERNAL_CFLAGS) $(T_CFLAGS) $(CFLAGS_FOR_BUILD)' ++ BUILD_CXXFLAGS='$(INTERNAL_CFLAGS) $(T_CFLAGS) $(CFLAGS_FOR_BUILD)' + BUILD_LDFLAGS='$(LDFLAGS_FOR_BUILD)' + fi + +Index: gcc-4.8.0/gcc/configure.ac +=================================================================== +--- gcc-4.8.0.orig/gcc/configure.ac ++++ gcc-4.8.0/gcc/configure.ac +@@ -1901,6 +1901,7 @@ STMP_FIXINC=stmp-fixinc AC_SUBST(STMP_F + if test x$build != x$host || test "x$coverage_flags" != x + then + BUILD_CFLAGS='$(INTERNAL_CFLAGS) $(T_CFLAGS) $(CFLAGS_FOR_BUILD)' ++ BUILD_CXXFLAGS='$(INTERNAL_CFLAGS) $(T_CFLAGS) $(CFLAGS_FOR_BUILD)' + BUILD_LDFLAGS='$(LDFLAGS_FOR_BUILD)' + fi + diff --git a/system/gcc/gcc-4.9-musl-fortify.patch b/system/gcc/gcc-4.9-musl-fortify.patch new file mode 100644 index 000000000..daae954c8 --- /dev/null +++ b/system/gcc/gcc-4.9-musl-fortify.patch @@ -0,0 +1,11 @@ +--- gcc-4.9.2/gcc/config/linux.h.orig 2015-03-09 13:27:13.289736710 +0000 ++++ gcc-4.9.2/gcc/config/linux.h 2015-03-09 13:29:32.295625046 +0000 +@@ -146,6 +146,8 @@ + + #ifdef NATIVE_SYSTEM_HEADER_DIR + #define INCLUDE_DEFAULTS_MUSL_NATIVE \ ++ { NATIVE_SYSTEM_HEADER_DIR "/fortify", 0, 0, 0, 1, 2 }, \ ++ { NATIVE_SYSTEM_HEADER_DIR "/fortify", 0, 0, 0, 1, 0 }, \ + { NATIVE_SYSTEM_HEADER_DIR, 0, 0, 0, 1, 2 }, \ + { NATIVE_SYSTEM_HEADER_DIR, 0, 0, 0, 1, 0 }, + #else diff --git a/system/gcc/gcc-6.1-musl-libssp.patch b/system/gcc/gcc-6.1-musl-libssp.patch new file mode 100644 index 000000000..fe5c61434 --- /dev/null +++ b/system/gcc/gcc-6.1-musl-libssp.patch @@ -0,0 +1,20 @@ +Author: Timo Teräs <timo.teras@iki.fi> + +Alpine musl package provides libssp_nonshared.a. We link to it unconditionally, +as otherwise we get link failures if some objects are -fstack-protector built +and final link happens with -fno-stack-protector. This seems to be the common +case when bootstrapping gcc, the piepatches do not seem to fully fix the +crosstoolchain and bootstrap sequence wrt. stack-protector flag usage. + +--- gcc-6.1.0/gcc/gcc.c.orig ++++ gcc-6.1.0/gcc/gcc.c +@@ -870,8 +870,7 @@ + + #ifndef LINK_SSP_SPEC + #ifdef TARGET_LIBC_PROVIDES_SSP +-#define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \ +- "|fstack-protector-strong|fstack-protector-explicit:}" ++#define LINK_SSP_SPEC "-lssp_nonshared" + #else + #define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \ + "|fstack-protector-strong|fstack-protector-explicit" \ diff --git a/system/gcc/gcc-pure64.patch b/system/gcc/gcc-pure64.patch new file mode 100644 index 000000000..2c350fe5a --- /dev/null +++ b/system/gcc/gcc-pure64.patch @@ -0,0 +1,89 @@ +--- ./gcc/config/i386/t-linux64.orig 2013-01-14 16:32:37.000000000 +0000 ++++ ./gcc/config/i386/t-linux64 2013-04-22 06:12:32.984439677 +0000 +@@ -34,6 +34,6 @@ + comma=, + MULTILIB_OPTIONS = $(subst $(comma),/,$(TM_MULTILIB_CONFIG)) + MULTILIB_DIRNAMES = $(patsubst m%, %, $(subst /, ,$(MULTILIB_OPTIONS))) +-MULTILIB_OSDIRNAMES = m64=../lib64$(call if_multiarch,:x86_64-linux-gnu) +-MULTILIB_OSDIRNAMES+= m32=$(if $(wildcard $(shell echo $(SYSTEM_HEADER_DIR))/../../usr/lib32),../lib32,../lib)$(call if_multiarch,:i386-linux-gnu) ++MULTILIB_OSDIRNAMES = m64=../lib ++MULTILIB_OSDIRNAMES+= m32=../lib32 + MULTILIB_OSDIRNAMES+= mx32=../libx32$(call if_multiarch,:x86_64-linux-gnux32) +--- ./gcc/config/aarch64/t-aarch64-linux.orig ++++ ./gcc/config/aarch64/t-aarch64-linux +@@ -22,7 +22,7 @@ + LIB1ASMFUNCS = _aarch64_sync_cache_range + + AARCH_BE = $(if $(findstring TARGET_BIG_ENDIAN_DEFAULT=1, $(tm_defines)),_be) +-MULTILIB_OSDIRNAMES = mabi.lp64=../lib64$(call if_multiarch,:aarch64$(AARCH_BE)-linux-gnu) ++MULTILIB_OSDIRNAMES = mabi.lp64=../lib + MULTIARCH_DIRNAME = $(call if_multiarch,aarch64$(AARCH_BE)-linux-gnu) + + MULTILIB_OSDIRNAMES += mabi.ilp32=../libilp32 +--- ./gcc/config/s390/t-linux64.orig ++++ ./gcc/config/s390/t-linux64 +@@ -7,5 +7,5 @@ + MULTILIB_OPTIONS = m64/m31 + MULTILIB_DIRNAMES = 64 32 +-MULTILIB_OSDIRNAMES = ../lib64$(call if_multiarch,:s390x-linux-gnu) +-MULTILIB_OSDIRNAMES += $(if $(wildcard $(shell echo $(SYSTEM_HEADER_DIR))/../../usr/lib32),../lib32,../lib)$(call if_multiarch,:s390-linux-gnu) ++MULTILIB_OSDIRNAMES = m64=../lib ++MULTILIB_OSDIRNAMES+= m32=../lib32 + +--- ./gcc/config/rs6000/t-linux.orig ++++ ./gcc/config/rs6000/t-linux +@@ -2,7 +2,8 @@ + # or soft-float. + ifeq (,$(filter $(with_cpu),$(SOFT_FLOAT_CPUS))$(findstring soft,$(with_float))) + ifneq (,$(findstring powerpc64,$(target))) +-MULTILIB_OSDIRNAMES := .=../lib64$(call if_multiarch,:powerpc64-linux-gnu) ++MULTILIB_OSDIRNAMES := m64=../lib ++MULTILIB_OSDIRNAMES += m32=../lib32 + else + ifneq (,$(findstring spe,$(target))) + MULTIARCH_DIRNAME := powerpc-linux-gnuspe$(if $(findstring 8548,$(with_cpu)),,v1) +@@ -14,7 +15,8 @@ + MULTIARCH_DIRNAME := $(subst -linux,le-linux,$(MULTIARCH_DIRNAME)) + endif + ifneq (,$(findstring powerpc64le,$(target))) +-MULTILIB_OSDIRNAMES := $(subst -linux,le-linux,$(MULTILIB_OSDIRNAMES)) ++MULTILIB_OSDIRNAMES := m64=../lib ++MULTILIB_OSDIRNAMES += m32=../lib32 + endif + endif + +--- ./gcc/config/rs6000/t-linux64.orig ++++ ./gcc/config/rs6000/t-linux64 +@@ -28,8 +28,8 @@ + MULTILIB_OPTIONS := m64/m32 + MULTILIB_DIRNAMES := 64 32 + MULTILIB_EXTRA_OPTS := +-MULTILIB_OSDIRNAMES := m64=../lib64$(call if_multiarch,:powerpc64-linux-gnu) +-MULTILIB_OSDIRNAMES += m32=$(if $(wildcard $(shell echo $(SYSTEM_HEADER_DIR))/../../usr/lib32),../lib32,../lib)$(call if_multiarch,:powerpc-linux-gnu) ++MULTILIB_OSDIRNAMES := m64=../lib ++MULTILIB_OSDIRNAMES += m32=../lib32 + + rs6000-linux.o: $(srcdir)/config/rs6000/rs6000-linux.c + $(COMPILE) $< +--- ./gcc/config/rs6000/t-linux64bele.orig ++++ ./gcc/config/rs6000/t-linux64bele +@@ -2,6 +2,6 @@ + + MULTILIB_OPTIONS += mlittle + MULTILIB_DIRNAMES += le +-MULTILIB_OSDIRNAMES += $(subst =,.mlittle=,$(subst lible32,lib32le,$(subst lible64,lib64le,$(subst lib,lible,$(subst -linux,le-linux,$(MULTILIB_OSDIRNAMES)))))) +-MULTILIB_OSDIRNAMES += $(subst $(if $(findstring 64,$(target)),m64,m32).,,$(filter $(if $(findstring 64,$(target)),m64,m32).mlittle%,$(MULTILIB_OSDIRNAMES))) ++MULTILIB_OSDIRNAMES = m64=../lib ++MULTILIB_OSDIRNAMES+= m32=../lib32 + MULTILIB_MATCHES := ${MULTILIB_MATCHES_ENDIAN} +--- ./gcc/config/rs6000/t-linux64lebe.orig ++++ ./gcc/config/rs6000/t-linux64lebe +@@ -2,6 +2,6 @@ + + MULTILIB_OPTIONS += mbig + MULTILIB_DIRNAMES += be +-MULTILIB_OSDIRNAMES += $(subst =,.mbig=,$(subst libbe32,lib32be,$(subst libbe64,lib64be,$(subst lib,libbe,$(subst le-linux,-linux,$(MULTILIB_OSDIRNAMES)))))) +-MULTILIB_OSDIRNAMES += $(subst $(if $(findstring 64,$(target)),m64,m32).,,$(filter $(if $(findstring 64,$(target)),m64,m32).mbig%,$(MULTILIB_OSDIRNAMES))) ++MULTILIB_OSDIRNAMES := m64=../lib ++MULTILIB_OSDIRNAMES += m32=../lib32 + MULTILIB_MATCHES := ${MULTILIB_MATCHES_ENDIAN} diff --git a/system/gcc/libgcc-always-build-gcceh.a.patch b/system/gcc/libgcc-always-build-gcceh.a.patch new file mode 100644 index 000000000..74ae89730 --- /dev/null +++ b/system/gcc/libgcc-always-build-gcceh.a.patch @@ -0,0 +1,39 @@ +Highly inspired by: + http://landley.net/hg/aboriginal/file/7e0747a665ab/sources/patches/gcc-core-libgcceh.patch + +diff -durN gcc-4.6.0.orig/libgcc/Makefile.in gcc-4.6.0/libgcc/Makefile.in +--- gcc-4.6.0.orig/libgcc/Makefile.in 2011-01-26 05:19:58.000000000 +0100 ++++ gcc-4.6.0/libgcc/Makefile.in 2011-09-12 18:17:12.743718974 +0200 +@@ -772,8 +772,9 @@ + libgcc_s$(SHLIB_EXT): libunwind$(SHLIB_EXT) + endif + ++all: libgcc_eh.a + ifeq ($(enable_shared),yes) +-all: libgcc_eh.a libgcc_s$(SHLIB_EXT) ++all: libgcc_s$(SHLIB_EXT) + ifneq ($(LIBUNWIND),) + all: libunwind$(SHLIB_EXT) + endif +@@ -950,10 +951,6 @@ + install-shared: + $(mkinstalldirs) $(DESTDIR)$(inst_libdir) + +- $(INSTALL_DATA) libgcc_eh.a $(DESTDIR)$(inst_libdir)/ +- chmod 644 $(DESTDIR)$(inst_libdir)/libgcc_eh.a +- $(RANLIB) $(DESTDIR)$(inst_libdir)/libgcc_eh.a +- + $(subst @multilib_dir@,$(MULTIDIR),$(subst \ + @shlib_base_name@,libgcc_s,$(subst \ + @shlib_slibdir_qual@,$(MULTIOSSUBDIR),$(SHLIB_INSTALL)))) +@@ -968,6 +965,10 @@ + chmod 644 $(DESTDIR)$(inst_libdir)/libgcov.a + $(RANLIB) $(DESTDIR)$(inst_libdir)/libgcov.a + ++ $(INSTALL_DATA) libgcc_eh.a $(DESTDIR)$(inst_libdir)/ ++ chmod 644 $(DESTDIR)$(inst_libdir)/libgcc_eh.a ++ $(RANLIB) $(DESTDIR)$(inst_libdir)/libgcc_eh.a ++ + parts="$(INSTALL_PARTS)"; \ + for file in $$parts; do \ + rm -f $(DESTDIR)$(inst_libdir)/$$file; \ diff --git a/system/libarchive/APKBUILD b/system/libarchive/APKBUILD new file mode 100644 index 000000000..f7d4aa2c4 --- /dev/null +++ b/system/libarchive/APKBUILD @@ -0,0 +1,56 @@ +# Contributor: Sergei Lukin <sergej.lukin@gmail.com> +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=libarchive +pkgver=3.3.2 +pkgrel=2 +pkgdesc="library that can create and read several streaming archive formats" +url="http://libarchive.org/" +arch="all" +license="BSD" +makedepends="zlib-dev bzip2-dev xz-dev lz4-dev acl-dev openssl-dev expat-dev attr-dev" +subpackages="$pkgname-dev $pkgname-doc $pkgname-tools" +source="http://www.libarchive.org/downloads/$pkgname-$pkgver.tar.gz + penis.patch + CVE-2017-14166.patch" +options="!check" # needs EUC-JP and KOI8R support in iconv +builddir="$srcdir/$pkgname-$pkgver" + +# secfixes: +# 3.3.2-r1: +# - CVE-2017-14166 + +build () { + cd "$builddir" + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --with-expat \ + --without-xml2 \ + --with-bz2lib \ + --with-zlib \ + --with-lzma \ + --with-lz4 \ + --enable-acl \ + --enable-xattr \ + ac_cv_header_linux_fiemap_h=no + make +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install +} + +tools() { + pkgdesc="libarchive tools - bsdtar and bsdcpio" + + mkdir -p "$subpkgdir"/usr/ + mv "$pkgdir"/usr/bin "$subpkgdir"/usr/ + ln -s bsdtar "$subpkgdir"/usr/bin/tar + ln -s bsdcpio "$subpkgdir"/usr/bin/cpio +} + +sha512sums="1e538cd7d492f54b11c16c56f12c1632ba14302a3737ec0db786272aec0c8020f1e27616a7654d57e26737e5ed9bfc9a62f1fdda61a95c39eb726aa7c2f673e4 libarchive-3.3.2.tar.gz +3de98af0f97063999a6a06bb7a3d8cfa10b350237497eaf25a990178fe7ff74355445deb21ec9e883faad8ffc7f4e008cd9ac916be63c79b3f4ed2d5741e4336 penis.patch +7cc9dbafd970c07fb4421b7a72a075cc0a000db77df4432222539c58625c93c45f01a144838b551980bc0c6dc5b4c3ab852eb1433006c3174581ba0897010dbe CVE-2017-14166.patch" diff --git a/system/libarchive/CVE-2017-14166.patch b/system/libarchive/CVE-2017-14166.patch new file mode 100644 index 000000000..b729ae41e --- /dev/null +++ b/system/libarchive/CVE-2017-14166.patch @@ -0,0 +1,36 @@ +From fa7438a0ff4033e4741c807394a9af6207940d71 Mon Sep 17 00:00:00 2001 +From: Joerg Sonnenberger <joerg@bec.de> +Date: Tue, 5 Sep 2017 18:12:19 +0200 +Subject: [PATCH] Do something sensible for empty strings to make fuzzers + happy. + +--- + libarchive/archive_read_support_format_xar.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c +index 7a22beb9d..93eeacc5e 100644 +--- a/libarchive/archive_read_support_format_xar.c ++++ b/libarchive/archive_read_support_format_xar.c +@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt) + uint64_t l; + int digit; + ++ if (char_cnt == 0) ++ return (0); ++ + l = 0; + digit = *p - '0'; + while (digit >= 0 && digit < 10 && char_cnt-- > 0) { +@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt) + { + int64_t l; + int digit; +- ++ ++ if (char_cnt == 0) ++ return (0); ++ + l = 0; + while (char_cnt-- > 0) { + if (*p >= '0' && *p <= '7') diff --git a/system/libarchive/penis.patch b/system/libarchive/penis.patch new file mode 100644 index 000000000..c3745979e --- /dev/null +++ b/system/libarchive/penis.patch @@ -0,0 +1,11 @@ +--- libarchive-3.3.1/libarchive/archive_read_disk_entry_from_file.c.old 2017-02-25 17:37:08.000000000 +0000 ++++ libarchive-3.3.1/libarchive/archive_read_disk_entry_from_file.c 2017-07-04 01:31:03.297134418 +0000 +@@ -1865,7 +1865,7 @@ + #endif + #endif /* defined(HAVE_LINUX_FIEMAP_H) */ + +-#if defined(SEEK_HOLE) && defined(SEEK_DATA) ++#if defined(SEEK_HOLE) && defined(SEEK_DATA) && defined(__PENIS__) + + /* + * SEEK_HOLE sparse interface (FreeBSD, Linux, Solaris) diff --git a/system/llvm4/APKBUILD b/system/llvm4/APKBUILD new file mode 100644 index 000000000..236fb1fc5 --- /dev/null +++ b/system/llvm4/APKBUILD @@ -0,0 +1,253 @@ +# Contributor: Travis Tilley <ttilley@gmail.com> +# Contributor: Mitch Tishmack <mitch.tishmack@gmail.com> +# Contributor: Jakub Jirutka <jakub@jirutka.cz> +# Maintainer: Jakub Jirutka <jakub@jirutka.cz> +_pkgname=llvm +pkgver=4.0.0 +_majorver=${pkgver%%.*} +pkgname=$_pkgname$_majorver +pkgrel=5 +pkgdesc="Low Level Virtual Machine compiler system, version $_majorver" +arch="all" +url="http://llvm.org/" +license="UOI-NCSA" +depends_dev="$pkgname=$pkgver-r$pkgrel" +makedepends="binutils-dev chrpath cmake file libffi-dev paxmark python3 zlib-dev" +subpackages="$pkgname-static $pkgname-libs $pkgname-dev $pkgname-test-utils:_test_utils" +source="http://llvm.org/releases/$pkgver/llvm-$pkgver.src.tar.xz + llvm-fix-build-with-musl-libc.patch + llvm-fix-DynamicLibrary-to-build-with-musl-libc.patch + cmake-fix-libLLVM-name.patch + disable-FileSystemTest.CreateDir-perms-assert.patch + silent-amdgpu-test-failing.patch + fix-CheckAtomic.cmake.patch + " +builddir="$srcdir/$_pkgname-$pkgver.src" + +# ARM has few failures in test suite that we don't care about currently and +# also it takes forever to run them on the builder. +case "$CARCH" in + arm*) options="!check";; +esac + +# Whether is this package the default (latest) LLVM version. +_default_llvm="yes" + +if [ "$_default_llvm" = yes ]; then + provides="llvm=$pkgver-r$pkgrel" + replaces="llvm" +fi + +# NOTE: It seems that there's no (sane) way how to change includedir, sharedir +# etc. separately, just the CMAKE_INSTALL_PREFIX. Standard CMake variables and +# even LLVM-specific variables, that are related to these paths, actually +# don't work (in llvm 3.7). +# +# When building a software that depends on LLVM, utility llvm-config should be +# used to discover where is LLVM installed. It provides options to print +# path of bindir, includedir, and libdir separately, but in its source, all +# these paths are actually hard-coded against INSTALL_PREFIX. We can patch it +# and move paths manually, but I'm really not sure what it may break... +# +# Also note that we should *not* add version suffix to files in llvm bindir! +# It breaks build system of some software that depends on LLVM, because they +# don't expect these files to have a sufix. +# +# So, we install all the LLVM files into /usr/lib/llvm$_majorver. +# BTW, Fedora and Debian do the same thing. +# +_prefix="usr/lib/llvm$_majorver" + +prepare() { + default_prepare + cd "$builddir" + + # https://bugs.llvm.org//show_bug.cgi?id=31870 + rm test/tools/llvm-symbolizer/print_context.c + + mkdir -p "$builddir"/build +} + +build() { + cd "$builddir"/build + + # Auto-detect it by guessing either. + local ffi_include_dir="$(pkg-config --cflags-only-I libffi | sed 's|^-I||g')" + + cmake -G "Unix Makefiles" -Wno-dev \ + -DCMAKE_BUILD_TYPE=Release \ + -DCMAKE_INSTALL_PREFIX=/$_prefix \ + -DCMAKE_VERBOSE_MAKEFILE=NO \ + -DFFI_INCLUDE_DIR="$ffi_include_dir" \ + -DLLVM_BINUTILS_INCDIR=/usr/include \ + -DLLVM_BUILD_DOCS=OFF \ + -DLLVM_BUILD_EXAMPLES=OFF \ + -DLLVM_BUILD_EXTERNAL_COMPILER_RT=ON \ + -DLLVM_BUILD_LLVM_DYLIB=ON \ + -DLLVM_BUILD_TESTS=ON \ + -DLLVM_DEFAULT_TARGET_TRIPLE="$CBUILD" \ + -DLLVM_DYLIB_EXPORT_ALL=ON \ + -DLLVM_ENABLE_ASSERTIONS=OFF \ + -DLLVM_ENABLE_CXX1Y=ON \ + -DLLVM_ENABLE_FFI=ON \ + -DLLVM_ENABLE_LIBCXX=OFF \ + -DLLVM_ENABLE_PIC=ON \ + -DLLVM_ENABLE_RTTI=ON \ + -DLLVM_ENABLE_SPHINX=OFF \ + -DLLVM_ENABLE_TERMINFO=ON \ + -DLLVM_ENABLE_ZLIB=ON \ + -DLLVM_HOST_TRIPLE="$CHOST" \ + -DLLVM_INCLUDE_EXAMPLES=OFF \ + -DLLVM_LINK_LLVM_DYLIB=ON \ + -DLLVM_TARGETS_TO_BUILD='X86;ARM;AArch64;PowerPC;SystemZ;AMDGPU;NVPTX;Mips;BPF' \ + "$builddir" + + make llvm-tblgen + make + + paxmark m \ + bin/llvm-rtdyld \ + bin/lli \ + bin/lli-child-target \ + unittests/ExecutionEngine/MCJIT/MCJITTests \ + unittests/ExecutionEngine/Orc/OrcJITTests \ + unittests/Support/SupportTests + + python3 ../utils/lit/setup.py build +} + +check() { + cd "$builddir"/build + + # FIXME: Few tests fail on s390x, ignore it for now. See build log + # https://gist.github.com/jirutka/6edc951ad5b8002cf1780546cf661edc + case "$CARCH" in + s390x) make check-llvm || true;; + *) make check-llvm;; + esac +} + +package() { + cd "$builddir"/build + + make DESTDIR="$pkgdir" install + + cd "$pkgdir"/$_prefix + + # Remove RPATHs. + file lib/*.so bin/* \ + | awk -F: '$2~/ELF/{print $1}' \ + | xargs -r chrpath -d + + # Symlink files from /usr/lib/llvm*/bin to /usr/bin. + mkdir -p "$pkgdir"/usr/bin + local name newname path + for path in bin/*; do + name=${path##*/} + # Add version infix/suffix to the executable name. + case "$name" in + llvm-*) newname="llvm$_majorver-${name#llvm-}";; + *) newname="$name$_majorver";; + esac + # If this package provides=llvm (i.e. it's the default/latest + # llvm package), omit version infix/suffix. + if [ "$_default_llvm" = yes ]; then + newname=$name + fi + case "$name" in + FileCheck | obj2yaml | yaml2obj) continue;; + esac + ln -s ../lib/llvm$_majorver/bin/$name "$pkgdir"/usr/bin/$newname + done + + # Move /usr/lib/$pkgname/include/ into /usr/include/$pkgname/ + # and symlink it back. + _mv include/* "$pkgdir"/usr/include/$pkgname/ + rmdir include + ln -s ../../include/$pkgname include + + # Move /usr/lib/$pkgname/lib/cmake/llvm/ into /usr/lib/cmake/$pkgname/ + # and symlink it back. + _mv lib/cmake/llvm/* "$pkgdir"/usr/lib/cmake/$pkgname/ + rmdir lib/cmake/llvm + ln -s ../../../cmake/$pkgname lib/cmake/llvm +} + +static() { + pkgdesc="LLVM $_majorver static libraries" + _common_subpkg + + _mv "$pkgdir"/$_prefix/lib/*.a "$subpkgdir"/$_prefix/lib/ +} + +libs() { + pkgdesc="LLVM $_majorver runtime library" + local soname="libLLVM-$_majorver.0.so" + local soname2="libLLVM-$pkgver.so" + _common_subpkg + + mkdir -p "$subpkgdir" + cd "$subpkgdir" + + # libLLVM should be in /usr/lib. This is needed for binaries that are + # dynamically linked with libLLVM, so they can find it on default path. + _mv "$pkgdir"/$_prefix/lib/$soname usr/lib/ + ln -s $soname usr/lib/$soname2 + + # And also symlink it back to the LLVM prefix. + mkdir -p $_prefix/lib + ln -s ../../$soname $_prefix/lib/$soname + ln -s ../../$soname $_prefix/lib/$soname2 +} + +dev() { + _common_subpkg + default_dev + cd "$subpkgdir" + + _mv "$pkgdir"/$_prefix/lib $_prefix/ + _mv "$pkgdir"/$_prefix/include $_prefix/ + + _mv "$pkgdir"/$_prefix/bin/llvm-config $_prefix/bin/ +} + +_test_utils() { + pkgdesc="LLVM $_majorver utilities for executing LLVM and Clang style test suites" + depends="python3" + _common_subpkg + replaces="" + + local litver=$(python3 "$builddir"/utils/lit/setup.py --version 2>/dev/null \ + | sed 's/\.dev.*$//') + test -n "$litver" || return 1 + provides="$provides lit=$litver-r$pkgrel" + + cd "$builddir"/build + + install -D -m 755 bin/FileCheck "$subpkgdir"/$_prefix/bin/FileCheck + install -D -m 755 bin/not "$subpkgdir"/$_prefix/bin/not + + python3 ../utils/lit/setup.py install --prefix=/usr --root="$subpkgdir" + ln -s ../../../bin/lit "$subpkgdir"/$_prefix/bin/lit +} + +_common_subpkg() { + if [ "$_default_llvm" = yes ]; then + replaces="llvm${subpkgname#$pkgname}" + provides="$replaces=$pkgver-r$pkgrel" + fi +} + +_mv() { + local dest; for dest; do true; done # get last argument + mkdir -p "$dest" + mv $@ +} + +sha512sums="cf681f0626ef6d568d951cdc3e143471a1d7715a0ba11e52aa273cf5d8d421e1357ef2645cc85879eaefcd577e99e74d07b01566825b3d0461171ef2cbfc7704 llvm-4.0.0.src.tar.xz +f84cd65d7042e89826ba6e8d48c4c302bf4980da369d7f19a55f217e51c00ca8ed178d453df3a3cee76598a7cecb94aed0775a6d24fe73266f82749913fc3e71 llvm-fix-build-with-musl-libc.patch +19bfb9282455d39d07dbb2b1293b03a45c57d522fbb9c5e58dac034200669628b97e7a90cd4ff5d52d9bb79acfccbef653d8a1140a7f0589ecd6f9b7c4ba0eb6 llvm-fix-DynamicLibrary-to-build-with-musl-libc.patch +6d1a716e5aa24e6b9a3acf4cc11e2504b1b01abf574074e9e5617b991de87d5e4e687eb18e85e73d5e632568afe2fc357771c4c96f9e136502071991496fb78c cmake-fix-libLLVM-name.patch +49c47f125014b60d0ea7870f981a2c1708ad705793f89287ed846ee881a837a4dc0170bf467e03f2ef56177473128945287749ac80dc2d13cfabcf8b929ba58a disable-FileSystemTest.CreateDir-perms-assert.patch +97f788110abbb9e6add2e3a3d3b606dc2817ab726b74ead71241fc5433ba42d5d58e23be91a3b2444eb687c4f56a7c879bf5453e96f9785ce3541301329dda9c silent-amdgpu-test-failing.patch +3bcfeccc1f14567f99029a131b1289290226d48855857f2eb6a251e041981a8b8b2d7965099df16ebf0a406e48130679f97235ef3f3524577413bb51cf40e613 fix-CheckAtomic.cmake.patch" diff --git a/system/llvm4/cmake-fix-libLLVM-name.patch b/system/llvm4/cmake-fix-libLLVM-name.patch new file mode 100644 index 000000000..cb29fe2ef --- /dev/null +++ b/system/llvm4/cmake-fix-libLLVM-name.patch @@ -0,0 +1,26 @@ +Include version in name of shared libs + +libLLVM.so -> libLLVM-$MAJOR.$MINOR.so + +Source: http://pkgs.fedoraproject.org/cgit/rpms/llvm3.9.git/tree/llvm-soversion.patch?id=3dac83eaa5b88f550ae50125b14b8f644e10617b +--- a/cmake/modules/AddLLVM.cmake ++++ b/cmake/modules/AddLLVM.cmake +@@ -450,6 +450,18 @@ + PREFIX "" + ) + endif() ++ ++ # Set SOVERSION on shared libraries that lack explicit SONAME ++ # specifier, on *nix systems that are not Darwin. ++ if(UNIX AND NOT APPLE AND NOT ARG_SONAME) ++ set_target_properties(${name} ++ PROPERTIES ++ # Concatenate the version numbers since ldconfig expects exactly ++ # one component indicating the ABI version, while LLVM uses ++ # major+minor for that. ++ SOVERSION ${LLVM_VERSION_MAJOR}.${LLVM_VERSION_MINOR} ++ VERSION ${LLVM_VERSION_MAJOR}.${LLVM_VERSION_MINOR}.${LLVM_VERSION_PATCH}${LLVM_VERSION_SUFFIX}) ++ endif() + endif() + + if(ARG_MODULE OR ARG_SHARED) diff --git a/system/llvm4/disable-FileSystemTest.CreateDir-perms-assert.patch b/system/llvm4/disable-FileSystemTest.CreateDir-perms-assert.patch new file mode 100644 index 000000000..e73ce9b6f --- /dev/null +++ b/system/llvm4/disable-FileSystemTest.CreateDir-perms-assert.patch @@ -0,0 +1,61 @@ +Do not assert permissions of file created in /tmp directory. + +This assertion fails, probably due to some specific setup of /tmp +on build servers. + + FAIL: LLVM-Unit :: Support/SupportTests/FileSystemTest.CreateDir (1293 of 17222) + ******************** TEST 'LLVM-Unit :: Support/SupportTests/FileSystemTest.CreateDir' FAILED ******************** + Note: Google Test filter = FileSystemTest.CreateDir + [==========] Running 1 test from 1 test case. + [----------] Global test environment set-up. + [----------] 1 test from FileSystemTest + [ RUN ] FileSystemTest.CreateDir + /home/buildozer/aports/testing/llvm3.9/src/llvm-3.9.1.src/unittests/Support/Path.cpp:591: Failure + Value of: fs::perms::owner_read | fs::perms::owner_exe + Actual: 320 + Expected: Status.permissions() & fs::perms::all_all + Which is: 448 + +--- a/unittests/Support/Path.cpp ++++ b/unittests/Support/Path.cpp +@@ -579,23 +579,23 @@ + ASSERT_NO_ERROR(fs::remove(Twine(TestDirectory) + "foo")); + + #ifdef LLVM_ON_UNIX +- // Set a 0000 umask so that we can test our directory permissions. +- mode_t OldUmask = ::umask(0000); +- +- fs::file_status Status; +- ASSERT_NO_ERROR( +- fs::create_directory(Twine(TestDirectory) + "baz500", false, +- fs::perms::owner_read | fs::perms::owner_exe)); +- ASSERT_NO_ERROR(fs::status(Twine(TestDirectory) + "baz500", Status)); +- ASSERT_EQ(Status.permissions() & fs::perms::all_all, +- fs::perms::owner_read | fs::perms::owner_exe); +- ASSERT_NO_ERROR(fs::create_directory(Twine(TestDirectory) + "baz777", false, +- fs::perms::all_all)); +- ASSERT_NO_ERROR(fs::status(Twine(TestDirectory) + "baz777", Status)); +- ASSERT_EQ(Status.permissions() & fs::perms::all_all, fs::perms::all_all); +- +- // Restore umask to be safe. +- ::umask(OldUmask); ++// // Set a 0000 umask so that we can test our directory permissions. ++// mode_t OldUmask = ::umask(0000); ++// ++// fs::file_status Status; ++// ASSERT_NO_ERROR( ++// fs::create_directory(Twine(TestDirectory) + "baz500", false, ++// fs::perms::owner_read | fs::perms::owner_exe)); ++// ASSERT_NO_ERROR(fs::status(Twine(TestDirectory) + "baz500", Status)); ++// ASSERT_EQ(Status.permissions() & fs::perms::all_all, ++// fs::perms::owner_read | fs::perms::owner_exe); ++// ASSERT_NO_ERROR(fs::create_directory(Twine(TestDirectory) + "baz777", false, ++// fs::perms::all_all)); ++// ASSERT_NO_ERROR(fs::status(Twine(TestDirectory) + "baz777", Status)); ++// ASSERT_EQ(Status.permissions() & fs::perms::all_all, fs::perms::all_all); ++// ++// // Restore umask to be safe. ++// ::umask(OldUmask); + #endif + + #ifdef LLVM_ON_WIN32 diff --git a/system/llvm4/fix-CheckAtomic.cmake.patch b/system/llvm4/fix-CheckAtomic.cmake.patch new file mode 100644 index 000000000..a5309de6c --- /dev/null +++ b/system/llvm4/fix-CheckAtomic.cmake.patch @@ -0,0 +1,22 @@ +This cmake file uses command CHECK_LIBRARY_EXISTS that is defined in +module CheckLibraryExists, but it does not include that module. + +This caused build error in lldb, but only on x86 (not x86_64)... + + -- Performing Test HAVE_CXX_ATOMICS64_WITHOUT_LIB - Failed + CMake Error at /usr/lib/llvm4/lib/cmake/llvm/CheckAtomic.cmake:66 (check_library_exists): + Unknown CMake command "check_library_exists". + Call Stack (most recent call first): + cmake/modules/LLDBStandalone.cmake:90 (include) + CMakeLists.txt:3 (include) + +--- a/cmake/modules/CheckAtomic.cmake ++++ b/cmake/modules/CheckAtomic.cmake +@@ -1,6 +1,7 @@ + # atomic builtins are required for threading support. + + INCLUDE(CheckCXXSourceCompiles) ++INCLUDE(CheckLibraryExists) + + # Sometimes linking against libatomic is required for atomic ops, if + # the platform doesn't support lock-free atomics. diff --git a/system/llvm4/llvm-fix-DynamicLibrary-to-build-with-musl-libc.patch b/system/llvm4/llvm-fix-DynamicLibrary-to-build-with-musl-libc.patch new file mode 100644 index 000000000..d5d7f07b5 --- /dev/null +++ b/system/llvm4/llvm-fix-DynamicLibrary-to-build-with-musl-libc.patch @@ -0,0 +1,33 @@ +From d12ecb83d01dcb580dd94f4d57828f33d3eb4c35 Mon Sep 17 00:00:00 2001 +From: Natanael Copa <ncopa@alpinelinux.org> +Date: Thu, 18 Feb 2016 15:33:21 +0100 +Subject: [PATCH 3/3] Fix DynamicLibrary to build with musl libc + +stdin/out/err is part of the libc and not the kernel so we check for the +specific libc that does the unexpected instead of linux. + +This is needed for making it build with musl libc. +--- + lib/Support/DynamicLibrary.cpp | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/lib/Support/DynamicLibrary.cpp b/lib/Support/DynamicLibrary.cpp +index 9a7aeb5..0c1c8f8 100644 +--- a/lib/Support/DynamicLibrary.cpp ++++ b/lib/Support/DynamicLibrary.cpp +@@ -140,10 +140,10 @@ void* DynamicLibrary::SearchForAddressOfSymbol(const char *symbolName) { + #define EXPLICIT_SYMBOL(SYM) \ + if (!strcmp(symbolName, #SYM)) return &SYM + +-// On linux we have a weird situation. The stderr/out/in symbols are both ++// On GNU libc we have a weird situation. The stderr/out/in symbols are both + // macros and global variables because of standards requirements. So, we + // boldly use the EXPLICIT_SYMBOL macro without checking for a #define first. +-#if defined(__linux__) and !defined(__ANDROID__) ++#if defined(__GLIBC__) + { + EXPLICIT_SYMBOL(stderr); + EXPLICIT_SYMBOL(stdout); +-- +2.7.3 + diff --git a/system/llvm4/llvm-fix-build-with-musl-libc.patch b/system/llvm4/llvm-fix-build-with-musl-libc.patch new file mode 100644 index 000000000..6ee91ea44 --- /dev/null +++ b/system/llvm4/llvm-fix-build-with-musl-libc.patch @@ -0,0 +1,46 @@ +From 5c571082fdaf61f6df19d9b7137dc26d71334058 Mon Sep 17 00:00:00 2001 +From: Natanael Copa <ncopa@alpinelinux.org> +Date: Thu, 18 Feb 2016 10:33:04 +0100 +Subject: [PATCH 2/3] Fix build with musl libc + +On musl libc the fopen64 and fopen are the same thing, but for +compatibility they have a `#define fopen64 fopen`. Same applies for +fseek64, fstat64, fstatvfs64, ftello64, lstat64, stat64 and tmpfile64. +--- + include/llvm/Analysis/TargetLibraryInfo.h | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/include/llvm/Analysis/TargetLibraryInfo.h b/include/llvm/Analysis/TargetLibraryInfo.h +index 7becdf0..7f14427 100644 +--- a/include/llvm/Analysis/TargetLibraryInfo.h ++++ b/include/llvm/Analysis/TargetLibraryInfo.h +@@ -18,6 +18,26 @@ + #include "llvm/IR/Module.h" + #include "llvm/Pass.h" + ++#undef fopen64 ++#undef fseeko64 ++#undef fstat64 ++#undef fstatvfs64 ++#undef ftello64 ++#undef lstat64 ++#undef stat64 ++#undef tmpfile64 ++#undef F_GETLK64 ++#undef F_SETLK64 ++#undef F_SETLKW64 ++#undef flock64 ++#undef open64 ++#undef openat64 ++#undef creat64 ++#undef lockf64 ++#undef posix_fadvise64 ++#undef posix_fallocate64 ++#undef off64_t ++ + namespace llvm { + /// VecDesc - Describes a possible vectorization of a function. + /// Function 'VectorFnName' is equivalent to 'ScalarFnName' vectorized +-- +2.7.3 + diff --git a/system/llvm4/silent-amdgpu-test-failing.patch b/system/llvm4/silent-amdgpu-test-failing.patch new file mode 100644 index 000000000..e20cee595 --- /dev/null +++ b/system/llvm4/silent-amdgpu-test-failing.patch @@ -0,0 +1,40 @@ +See https://bugs.llvm.org//show_bug.cgi?id=31610 + +--- a/test/CodeGen/AMDGPU/invalid-opencl-version-metadata1.ll ++++ b/test/CodeGen/AMDGPU/invalid-opencl-version-metadata1.ll +@@ -2,5 +2,6 @@ + ; check llc does not crash for invalid opencl version metadata + + ; CHECK: { amd.MDVersion: [ 2, 0 ] } ++; XFAIL: * + + !opencl.ocl.version = !{} +--- a/test/CodeGen/AMDGPU/invalid-opencl-version-metadata2.ll ++++ b/test/CodeGen/AMDGPU/invalid-opencl-version-metadata2.ll +@@ -2,6 +2,7 @@ + ; check llc does not crash for invalid opencl version metadata + + ; CHECK: { amd.MDVersion: [ 2, 0 ] } ++; XFAIL: * + + !opencl.ocl.version = !{!0} + !0 = !{} +--- a/test/CodeGen/AMDGPU/invalid-opencl-version-metadata3.ll ++++ b/test/CodeGen/AMDGPU/invalid-opencl-version-metadata3.ll +@@ -2,6 +2,7 @@ + ; check llc does not crash for invalid opencl version metadata + + ; CHECK: { amd.MDVersion: [ 2, 0 ] } ++; XFAIL: * + + !opencl.ocl.version = !{!0} + !0 = !{i32 1} +--- a/test/CodeGen/AMDGPU/runtime-metadata.ll ++++ b/test/CodeGen/AMDGPU/runtime-metadata.ll +@@ -1,5 +1,6 @@ + ; RUN: llc -mtriple=amdgcn--amdhsa -filetype=obj -o - < %s | llvm-readobj -amdgpu-runtime-metadata | FileCheck %s + ; RUN: llc -mtriple=amdgcn--amdhsa -filetype=obj -amdgpu-dump-rtmd -amdgpu-check-rtmd-parser %s -o - 2>&1 | FileCheck --check-prefix=CHECK --check-prefix=PARSER %s ++; XFAIL: * + + %struct.A = type { i8, float } + %opencl.image1d_t = type opaque diff --git a/system/mesa/APKBUILD b/system/mesa/APKBUILD new file mode 100644 index 000000000..ceb22c20f --- /dev/null +++ b/system/mesa/APKBUILD @@ -0,0 +1,252 @@ +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=mesa +pkgver=17.3.1 +pkgrel=1 +pkgdesc="Mesa DRI OpenGL library" +url="http://www.mesa3d.org" +arch="all" +license="LGPL" +depends= +subpackages="$pkgname-dev + $pkgname-dri-ati:_dri + $pkgname-dri-nouveau:_dri + $pkgname-dri-freedreno:_dri + $pkgname-dri-swrast:_dri + $pkgname-dri-virtio:_dri + $pkgname-glapi $pkgname-egl $pkgname-gl $pkgname-gles + $pkgname-xatracker $pkgname-osmesa $pkgname-gbm + $pkgname-libwayland-egl:_wayland + " +_llvmver=4 +depends_dev="libdrm-dev dri2proto libxext-dev libxdamage-dev libxcb-dev glproto + dri3proto presentproto libxshmfence-dev" +makedepends="$depends_dev expat-dev xextproto libxt-dev makedepend py3-mako + flex bison llvm$_llvmver-dev eudev-dev libvdpau-dev python3 py-libxml2 + libxvmc-dev gettext zlib-dev wayland-dev libelf-dev wayland-protocols + autoconf automake libtool libxxf86vm-dev libx11-dev libxfixes-dev" +source="https://mesa.freedesktop.org/archive/mesa-$pkgver.tar.xz + glx_ro_text_segm.patch + musl-fixes.patch + musl-fix-includes.patch + disk_cache-stack-overflow.patch + drmdeps.patch + python3-compat.patch + " +replaces="mesa-dricore" + +_dri_driverdir=/usr/lib/xorg/modules/dri +_dri_drivers="r200,radeon,nouveau,swrast" +_gallium_drivers="r300,r600,radeonsi,nouveau,freedreno,swrast,virgl" +_vulkan_drivers="radeon" + +builddir="$srcdir/mesa-$pkgver" + +_arch_opts= + +case "$CARCH" in +x86* | pmmx) + _dri_drivers="${_dri_drivers},i915,i965" + _gallium_drivers="${_gallium_drivers},svga" + _vulkan_drivers="${_vulkan_drivers},intel" + subpackages="$subpackages $pkgname-dri-intel:_dri $pkgname-dri-vmwgfx:_dri" + ;; +arm*) + _gallium_drivers="${_gallium_drivers},vc4" + case "$CARCH" in + armhf) CFLAGS="$CFLAGS -mfpu=neon";; + esac + ;; +esac + +prepare() { + cd "$builddir" + default_prepare + libtoolize --force \ + && aclocal \ + && automake --add-missing \ + && autoreconf +} + +build() { + cd "$builddir" + + export CFLAGS="$CFLAGS -D_XOPEN_SOURCE=700" + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --sysconfdir=/etc \ + --with-dri-driverdir=$_dri_driverdir \ + --disable-asm \ + --disable-xvmc \ + --enable-glx-rts \ + --with-gallium-drivers=${_gallium_drivers} \ + --with-dri-drivers=${_dri_drivers} \ + --with-vulkan-drivers=${_vulkan_drivers} \ + --with-llvm-prefix=/usr/lib/llvm$_llvmver \ + --enable-llvm-shared-libs \ + --enable-llvm \ + --with-platforms=x11,drm,wayland \ + --enable-shared-glapi \ + --enable-gbm \ + --disable-glx-tls \ + --disable-nine \ + --enable-dri \ + --enable-dri3 \ + --enable-glx \ + --enable-osmesa \ + --enable-gles1 \ + --enable-gles2 \ + --enable-egl \ + --enable-texture-float \ + --enable-xa \ + --enable-vdpau \ + $_arch_opts + + make +} + +check() { + cd "$builddir" + # Compiler test requires LLVM 3.8 and Python 2 + for i in gtest util mapi; do + make -C "src/$i" check + done +} + +package() { + cd "$builddir" + make -j1 DESTDIR="$pkgdir" install +} + +egl() { + replaces="mesa" + pkgdesc="Mesa libEGL runtime libraries" + install -d "$subpkgdir"/usr/lib + mv "$pkgdir"/usr/lib/libEGL.so* \ + "$subpkgdir"/usr/lib/ +} + +gl() { + replaces="mesa" + pkgdesc="Mesa libGL runtime libraries" + install -d "$subpkgdir"/usr/lib + mv "$pkgdir"/usr/lib/libGL.so* \ + "$subpkgdir"/usr/lib/ +} + +glapi() { + replaces="$pkgname-gles" + pkgdesc="Mesa shared glapi" + install -d "$subpkgdir"/usr/lib + mv "$pkgdir"/usr/lib/libglapi.so.* \ + "$subpkgdir"/usr/lib/ +} + +gles() { + replaces="mesa" + pkgdesc="Mesa libGLESv2 runtime libraries" + install -d "$subpkgdir"/usr/lib + mv "$pkgdir"/usr/lib/libGLES*.so* \ + "$subpkgdir"/usr/lib/ +} + +xatracker() { + pkgdesc="Mesa XA state tracker for vmware" + install -d "$subpkgdir"/usr/lib + mv "$pkgdir"/usr/lib/libxatracker*.so.* \ + "$subpkgdir"/usr/lib/ +} + +osmesa() { + pkgdesc="Mesa offscreen rendering libraries" + install -d "$subpkgdir"/usr/lib + mv "$pkgdir"/usr/lib/libOSMesa.so.* \ + "$subpkgdir"/usr/lib/ +} + +gbm() { + pkgdesc="Mesa gbm library" + replaces="mesa" + install -d "$subpkgdir"/usr/lib + mv "$pkgdir"/usr/lib/libgbm.so.* \ + "$subpkgdir"/usr/lib/ +} + +_mv_dri() { + install -d "$subpkgdir"/$_dri_driverdir + + while [ $# -gt 0 ]; do + mv "$pkgdir"/$_dri_driverdir/${1}.so \ + "$subpkgdir"/$_dri_driverdir/ || return 1 + shift + done +} + +_mv_vdpau() { + local i + install -d "$subpkgdir"/usr/lib/vdpau + for i in "$@"; do + mv "$pkgdir"/usr/lib/vdpau/libvdpau_$i.* \ + "$subpkgdir"/usr/lib/vdpau/ || return 1 + done +} + +_mv_gpipe() { + return 0 + # http://cgit.freedesktop.org/mesa/mesa/commit/?id=44ec468e8033553c26a112cebba41c343db00eb1 + # https://code.google.com/p/chromium/issues/detail?id=412089 +# local i +# install -d "$subpkgdir"/usr/lib/gallium-pipe +# for i in "$@"; do +# mv "$pkgdir"/usr/lib/gallium-pipe/pipe_$i.* \ +# "$subpkgdir"/usr/lib/gallium-pipe/ || return 1 +# done +} + +_dri() { + local n=${subpkgname##*-dri-} + pkgdesc="Mesa DRI driver for $n" + case $n in + ati) + _mv_dri radeon_dri r200_dri r300_dri r600_dri radeonsi_dri \ + && _mv_vdpau r300 r600 radeonsi \ + && _mv_gpipe r300 r600 + ;; + intel) + _mv_dri i915_dri i965_dri + ;; + nouveau) + _mv_dri nouveau_dri nouveau_vieux_dri \ + && _mv_vdpau nouveau \ + && _mv_gpipe nouveau + ;; + freedreno) + _mv_dri msm_dri kgsl_dri + ;; + swrast) + _mv_dri swrast_dri kms_swrast_dri && _mv_gpipe swrast + ;; + vmwgfx) + _mv_dri vmwgfx_dri && _mv_gpipe vmwgfx + ;; + virtio) + _mv_dri virtio_gpu_dri + ;; + esac +} + +_wayland() { + pkgdesc="Mesa libwayland-egl library" + mkdir -p "$subpkgdir"/usr/lib + mv "$pkgdir"/usr/lib/libwayland-egl.so.* "$subpkgdir"/usr/lib/ \ + || return 1 +} + +sha512sums="a2bd0123bf2df0db03197001a9e001b25f2609f3c6bf1bae66f3bc50c51d2558b5b77e232e81c1658c3a4dec88eda32a8b5a85c1fedc937a7441476228ef8238 mesa-17.3.1.tar.xz +c3d4804ebc24c7216e4c9d4995fb92e116be7f478024b44808ee134a4c93bb51d1f66fe5fb6eca254f124c4abf6f81272b027824b3e2650a9607818bf793035a glx_ro_text_segm.patch +edb9c221b093117f48fa298ae557f1d6ed9bbf32d7d262ad4ddb51d26ece94e3efac17670784606052b2ebe8d3dc2b221164f6b52f5282eb3318e6377932be04 musl-fixes.patch +c7d91a660a033df91fac9c557039efc8669f0c26b2d35997d50753938b70d1af0bd110dcab3f8236eafab7d4be5dd7cd128a3e057e67e7e6a38a73fd6a7ef62e musl-fix-includes.patch +f40ff04ac73c090c74d1955de6013c5aa41fb77f28b2b82d89cfc1880306a9ca1dde4581592db19f0a0ec6d85032f1ed5d953103ab0d075f9f0b7e459a028c45 disk_cache-stack-overflow.patch +6800bc62aebfba22a2562c858c27391b47c5675020bd67f040da93ffe4d5d8ac828907a44c7cee6a4ebe63821b58c2515b4012f1f23473670b1de8670426a430 drmdeps.patch +be91c579111e4ceadf094fcd55fff46ff12c360e2d89c98fac50fbd3bb2459dbd1209d562d27338b94b20bbeae5fca2dd881694bd0da55fca8cdfe253ae384f1 python3-compat.patch" diff --git a/system/mesa/disk_cache-stack-overflow.patch b/system/mesa/disk_cache-stack-overflow.patch new file mode 100644 index 000000000..3fad95259 --- /dev/null +++ b/system/mesa/disk_cache-stack-overflow.patch @@ -0,0 +1,42 @@ +The disk cache code tries to allocate a 256 Kbyte buffer on the stack. +Since musl only gives 80 Kbyte of stack space per thread, this causes a trap. + +--- mesa-17.3.1/src/util/disk_cache.c.old 2017-12-21 11:31:22.000000000 -0600 ++++ mesa-17.3.1/src/util/disk_cache.c 2017-12-29 01:17:15.625633901 -0600 +@@ -716,7 +716,7 @@ + deflate_and_write_to_disk(const void *in_data, size_t in_data_size, int dest, + const char *filename) + { +- unsigned char out[BUFSIZE]; ++ unsigned char *out; + + /* allocate deflate state */ + z_stream strm; +@@ -733,6 +733,11 @@ + /* compress until end of in_data */ + size_t compressed_size = 0; + int flush; ++ ++ out = calloc(1, BUFSIZE); ++ if (out == NULL) ++ return 0; ++ + do { + int remaining = in_data_size - BUFSIZE; + flush = remaining > 0 ? Z_NO_FLUSH : Z_FINISH; +@@ -754,6 +759,7 @@ + ssize_t written = write_all(dest, out, have); + if (written == -1) { + (void)deflateEnd(&strm); ++ free(out); + return 0; + } + } while (strm.avail_out == 0); +@@ -768,6 +774,7 @@ + + /* clean up and return */ + (void)deflateEnd(&strm); ++ free(out); + return compressed_size; + } + diff --git a/system/mesa/drmdeps.patch b/system/mesa/drmdeps.patch new file mode 100644 index 000000000..edcb80643 --- /dev/null +++ b/system/mesa/drmdeps.patch @@ -0,0 +1,41 @@ +--- a/src/gallium/winsys/radeon/drm/Makefile.am 2017-08-10 11:45:20.737377457 -0400 ++++ b/src/gallium/winsys/radeon/drm/Makefile.am 2017-08-10 11:50:23.414534307 -0400 +@@ -7,4 +7,6 @@ + + noinst_LTLIBRARIES = libradeonwinsys.la + ++libradeonwinsys_la_LIBADD = -ldrm_radeon ++ + libradeonwinsys_la_SOURCES = $(C_SOURCES) +--- a/src/gallium/winsys/radeon/drm/Makefile.in 2017-08-10 11:45:25.577298181 -0400 ++++ b/src/gallium/winsys/radeon/drm/Makefile.in 2017-08-10 11:57:11.151189074 -0400 +@@ -119,7 +119,7 @@ + CONFIG_CLEAN_FILES = + CONFIG_CLEAN_VPATH_FILES = + LTLIBRARIES = $(noinst_LTLIBRARIES) +-libradeonwinsys_la_LIBADD = ++libradeonwinsys_la_LIBADD = -ldrm_radeon + am__objects_1 = radeon_drm_bo.lo radeon_drm_cs.lo \ + radeon_drm_surface.lo radeon_drm_winsys.lo + am_libradeonwinsys_la_OBJECTS = $(am__objects_1) +--- a/src/gallium/winsys/amdgpu/drm/Makefile.am 2017-12-21 11:31:21.000000000 -0600 ++++ b/src/gallium/winsys/amdgpu/drm/Makefile.am 2017-12-28 19:24:48.613693400 -0600 +@@ -11,6 +11,6 @@ + noinst_LTLIBRARIES = libamdgpuwinsys.la + + libamdgpuwinsys_la_LIBADD = \ +- $(top_builddir)/src/amd/addrlib/libamdgpu_addrlib.la ++ $(top_builddir)/src/amd/addrlib/libamdgpu_addrlib.la -ldrm_amdgpu + + libamdgpuwinsys_la_SOURCES = $(C_SOURCES) +--- a/src/gallium/winsys/amdgpu/drm/Makefile.in 2017-12-21 11:31:30.000000000 -0600 ++++ b/src/gallium/winsys/amdgpu/drm/Makefile.in 2017-12-28 19:25:22.553597353 -0600 +@@ -572,7 +572,7 @@ + AM_CXXFLAGS = $(AM_CFLAGS) + noinst_LTLIBRARIES = libamdgpuwinsys.la + libamdgpuwinsys_la_LIBADD = \ +- $(top_builddir)/src/amd/addrlib/libamdgpu_addrlib.la ++ $(top_builddir)/src/amd/addrlib/libamdgpu_addrlib.la -ldrm_amdgpu + + libamdgpuwinsys_la_SOURCES = $(C_SOURCES) + all: all-am diff --git a/system/mesa/glx_ro_text_segm.patch b/system/mesa/glx_ro_text_segm.patch new file mode 100644 index 000000000..8cad4876b --- /dev/null +++ b/system/mesa/glx_ro_text_segm.patch @@ -0,0 +1,28 @@ +2011-02-09 Jeremy Huddleston <jeremyhu@freedesktop.org + + #240956 + * configure.ac add support to enable readonly test segment on x86 + +--- ./configure.ac.orig 2008-11-17 23:19:38.000000000 +0100 ++++ ./configure.ac 2008-11-17 23:20:17.000000000 +0100 +@@ -499,6 +499,20 @@ + enable_xcb=no + fi + ++ ++dnl readonly text segment on x86 hardened platforms ++AC_ARG_ENABLE([glx_rts], ++ [AS_HELP_STRING([--enable-glx-rts], ++ [on x86, use a readonly text segment for libGL @<:@default=disabled@:>@])], ++ [enable_glx_rts="$enableval"], ++ [enable_glx_rts=no]) ++if test "x$enable_glx_rts" = xyes; then ++ DEFINES="$DEFINES -DGLX_X86_READONLY_TEXT" ++else ++ enable_glx_rts=no ++fi ++ ++ + dnl + dnl libGL configuration per driver + dnl diff --git a/system/mesa/musl-fix-includes.patch b/system/mesa/musl-fix-includes.patch new file mode 100644 index 000000000..2f6cc1d13 --- /dev/null +++ b/system/mesa/musl-fix-includes.patch @@ -0,0 +1,14 @@ +diff --git a/src/util/rand_xor.c b/src/util/rand_xor.c +index de05fa6..016703c 100644 +--- a/src/util/rand_xor.c ++++ b/src/util/rand_xor.c +@@ -24,6 +24,9 @@ + + #if defined(__linux__) + #include <sys/file.h> ++#include <sys/types.h> ++#include <sys/stat.h> ++#include <fcntl.h> + #include <unistd.h> + #else + #include <time.h> diff --git a/system/mesa/musl-fixes.patch b/system/mesa/musl-fixes.patch new file mode 100644 index 000000000..60140d445 --- /dev/null +++ b/system/mesa/musl-fixes.patch @@ -0,0 +1,22 @@ +--- ./src/gallium/winsys/svga/drm/vmw_screen.h.orig ++++ ./src/gallium/winsys/svga/drm/vmw_screen.h +@@ -34,7 +34,7 @@ + #ifndef VMW_SCREEN_H_ + #define VMW_SCREEN_H_ + +- ++#include <sys/stat.h> + #include "pipe/p_compiler.h" + #include "pipe/p_state.h" + +--- a/src/util/u_endian.h.orig 2016-11-04 12:16:00.480356454 +0100 ++++ b/src/util/u_endian.h 2016-11-04 12:16:11.984347944 +0100 +@@ -27,7 +27,7 @@ + #ifndef U_ENDIAN_H + #define U_ENDIAN_H + +-#if defined(__GLIBC__) || defined(ANDROID) || defined(__CYGWIN__) ++#if defined(__linux__) || defined(ANDROID) || defined(__CYGWIN__) + #include <endian.h> + + #if __BYTE_ORDER == __LITTLE_ENDIAN diff --git a/system/mesa/python3-compat.patch b/system/mesa/python3-compat.patch new file mode 100644 index 000000000..8532f8c0c --- /dev/null +++ b/system/mesa/python3-compat.patch @@ -0,0 +1,106 @@ +--- mesa-17.3.1/src/gallium/drivers/r600/egd_tables.py (original) ++++ mesa-17.3.1/src/gallium/drivers/r600/egd_tables.py (refactored) +@@ -60,7 +60,7 @@ + """ + fragments = [ + '"%s\\0" /* %s */' % ( +- te[0].encode('string_escape'), ++ te[0].encode('unicode-escape'), + ', '.join(str(idx) for idx in te[2]) + ) + for te in self.table +@@ -217,10 +217,10 @@ + strings = StringTable() + strings_offsets = IntTable("int") + +- print '/* This file is autogenerated by egd_tables.py from evergreend.h. Do not edit directly. */' +- print +- print CopyRight.strip() +- print ''' ++ print('/* This file is autogenerated by egd_tables.py from evergreend.h. Do not edit directly. */') ++ print() ++ print(CopyRight.strip()) ++ print(''' + #ifndef EG_TABLES_H + #define EG_TABLES_H + +@@ -242,20 +242,20 @@ + unsigned name_offset; + unsigned op; + }; +-''' +- +- print 'static const struct eg_packet3 packet3_table[] = {' ++''') ++ ++ print('static const struct eg_packet3 packet3_table[] = {') + for pkt in packets: +- print '\t{%s, %s},' % (strings.add(pkt[5:]), pkt) +- print '};' +- print +- +- print 'static const struct eg_field egd_fields_table[] = {' ++ print('\t{%s, %s},' % (strings.add(pkt[5:]), pkt)) ++ print('};') ++ print() ++ ++ print('static const struct eg_field egd_fields_table[] = {') + + fields_idx = 0 + for reg in regs: + if len(reg.fields) and reg.own_fields: +- print '\t/* %s */' % (fields_idx) ++ print('\t/* %s */' % (fields_idx)) + + reg.fields_idx = fields_idx + +@@ -266,34 +266,34 @@ + while value[1] >= len(values_offsets): + values_offsets.append(-1) + values_offsets[value[1]] = strings.add(strip_prefix(value[0])) +- print '\t{%s, %s(~0u), %s, %s},' % ( ++ print('\t{%s, %s(~0u), %s, %s},' % ( + strings.add(field.name), field.s_name, +- len(values_offsets), strings_offsets.add(values_offsets)) ++ len(values_offsets), strings_offsets.add(values_offsets))) + else: +- print '\t{%s, %s(~0u)},' % (strings.add(field.name), field.s_name) ++ print('\t{%s, %s(~0u)},' % (strings.add(field.name), field.s_name)) + fields_idx += 1 + +- print '};' +- print +- +- print 'static const struct eg_reg egd_reg_table[] = {' ++ print('};') ++ print() ++ ++ print('static const struct eg_reg egd_reg_table[] = {') + for reg in regs: + if len(reg.fields): +- print '\t{%s, %s, %s, %s},' % (strings.add(reg.name), reg.r_name, +- len(reg.fields), reg.fields_idx if reg.own_fields else reg.fields_owner.fields_idx) ++ print('\t{%s, %s, %s, %s},' % (strings.add(reg.name), reg.r_name, ++ len(reg.fields), reg.fields_idx if reg.own_fields else reg.fields_owner.fields_idx)) + else: +- print '\t{%s, %s},' % (strings.add(reg.name), reg.r_name) +- print '};' +- print ++ print('\t{%s, %s},' % (strings.add(reg.name), reg.r_name)) ++ print('};') ++ print() + + strings.emit(sys.stdout, "egd_strings") + +- print ++ print() + + strings_offsets.emit(sys.stdout, "egd_strings_offsets") + +- print +- print '#endif' ++ print() ++ print('#endif') + + + def main(): diff --git a/system/openrc/0001-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch b/system/openrc/0001-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch new file mode 100644 index 000000000..f6996b3fc --- /dev/null +++ b/system/openrc/0001-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch @@ -0,0 +1,25 @@ +From 94742e085ac96d366401df883df96d35d0eafd5a Mon Sep 17 00:00:00 2001 +From: Natanael Copa <ncopa@alpinelinux.org> +Date: Wed, 1 Feb 2017 04:04:52 +0000 +Subject: [PATCH 1/7] call /sbin/mkmntdirs in localmount OpenRC service + +--- + init.d/localmount.in | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/init.d/localmount.in b/init.d/localmount.in +index cae80c34..3dbb375b 100644 +--- a/init.d/localmount.in ++++ b/init.d/localmount.in +@@ -21,6 +21,8 @@ depend() + + start() + { ++ [ -x /sbin/mkmntdirs ] && mkmntdirs ++ + # Mount local filesystems in /etc/fstab. + # The types variable must start with no, and must be a type + local critical= types="noproc" x= no_netdev= rc= +-- +2.11.0 + diff --git a/system/openrc/0002-force-root-be-rw-before-localmount.patch b/system/openrc/0002-force-root-be-rw-before-localmount.patch new file mode 100644 index 000000000..1c9f12c1a --- /dev/null +++ b/system/openrc/0002-force-root-be-rw-before-localmount.patch @@ -0,0 +1,30 @@ +From 228df9f1f21e08ec659d5fcf1f716393e563a3a5 Mon Sep 17 00:00:00 2001 +From: Natanael Copa <ncopa@alpinelinux.org> +Date: Wed, 1 Feb 2017 04:05:44 +0000 +Subject: [PATCH 2/7] force root be rw before localmount + +The service that pulls in root remount is mtab which we dont need/use. +--- + init.d/localmount.in | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/init.d/localmount.in b/init.d/localmount.in +index 9c8da2d0..c349c951 100644 +--- a/init.d/localmount.in ++++ b/init.d/localmount.in +@@ -13,9 +13,9 @@ description="Mounts disks and swap according to /etc/fstab." + + depend() + { +- need fsck +- use lvm modules mtab root +- after lvm modules root ++ need fsck root ++ use lvm modules mtab ++ after lvm modules + keyword -docker -jail -lxc -prefix -systemd-nspawn -vserver + } + +-- +2.11.1 + diff --git a/system/openrc/0003-sysctl-add-compatibility-for-busybox-sysctl.patch b/system/openrc/0003-sysctl-add-compatibility-for-busybox-sysctl.patch new file mode 100644 index 000000000..3803bcca8 --- /dev/null +++ b/system/openrc/0003-sysctl-add-compatibility-for-busybox-sysctl.patch @@ -0,0 +1,46 @@ +From ed120780512b6dd0bfabba0ea59d06d1099924b0 Mon Sep 17 00:00:00 2001 +From: William Pitcock <nenolod@dereferenced.org> +Date: Wed, 1 Feb 2017 04:08:33 +0000 +Subject: [PATCH 3/7] sysctl: add compatibility for busybox sysctl + +--- + init.d/sysctl.in | 21 +++++++++++++++++++-- + 1 file changed, 19 insertions(+), 2 deletions(-) + +diff --git a/init.d/sysctl.in b/init.d/sysctl.in +index cb756f3a..fc22364b 100644 +--- a/init.d/sysctl.in ++++ b/init.d/sysctl.in +@@ -38,10 +38,27 @@ BSD_sysctl() + + Linux_sysctl() + { +- local quiet ++ local quiet retval=0 + yesno $rc_verbose || quiet=-q + +- sysctl ${quiet} --system ++ set -- ++ eindent ++ for i in /run/sysctl.d/*.conf \ ++ /etc/sysctl.d/*.conf \ ++ /usr/local/lib/sysctl.d/*.conf \ ++ /usr/lib/sysctl.d/*.conf \ ++ /lib/sysctl.d/*.conf \ ++ /etc/sysctl.conf; do ++ if [ -e "$i" ]; then ++ vebegin "applying $conf" ++ sysctl ${quiet} -p "$i" ++ retval=$(( $retval + $? )) ++ veend $retval ++ fi ++ done ++ eoutdent ++ ++ return $retval + } + + start() +-- +2.11.0 + diff --git a/system/openrc/0004-hide-error-when-migrating-var-run-to-run.patch b/system/openrc/0004-hide-error-when-migrating-var-run-to-run.patch new file mode 100644 index 000000000..801d3b236 --- /dev/null +++ b/system/openrc/0004-hide-error-when-migrating-var-run-to-run.patch @@ -0,0 +1,28 @@ +From 496b984f889531bf629d77a5fa2211f8cb0a1183 Mon Sep 17 00:00:00 2001 +From: Natanael Copa <ncopa@alpinelinux.org> +Date: Wed, 17 Aug 2016 17:18:21 +0200 +Subject: [PATCH 4/7] hide error when migrating /var/run to /run + +The script tries to copy non-existing files. We simply hide the error + +http://bugs.alpinelinux.org/issues/3160 +--- + init.d/bootmisc.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/init.d/bootmisc.in b/init.d/bootmisc.in +index efc1c572..6e473ade 100644 +--- a/init.d/bootmisc.in ++++ b/init.d/bootmisc.in +@@ -112,7 +112,7 @@ migrate_to_run() + rm $src + elif [ ! -L $src -a -d $src ]; then + ebegin "Migrating $src to $dst" +- cp -a $src/* $dst/ ++ cp -a $src/* $dst/ 2>/dev/null + rm -rf $src + eend $? + fi +-- +2.11.0 + diff --git a/system/openrc/0005-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch b/system/openrc/0005-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch new file mode 100644 index 000000000..eb1ad1408 --- /dev/null +++ b/system/openrc/0005-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch @@ -0,0 +1,71 @@ +From b62d7b9438af6dac50d52708777070f312e6650c Mon Sep 17 00:00:00 2001 +From: Natanael Copa <ncopa@alpinelinux.org> +Date: Wed, 1 Feb 2017 04:17:14 +0000 +Subject: [PATCH 5/7] rc: pull in sysinit and boot as stacked levels when + needed + +We need start services from sysinit and boot runlevel, even if the new +runlevel is empty. + +This fixes problem introduced with commit 7716bf31 (Fix stacked runlevel +support), at which the start_services list are no longer used to start +the services. + +This also make sure that all services in sysinit and boot runlevels are +started before switching to next. This was not guaranteed when switching +to a non-empty runlevel. + +Fixes issue #54. +--- + src/rc/rc.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/rc/rc.c b/src/rc/rc.c +index 110591e4..13a7e0d4 100644 +--- a/src/rc/rc.c ++++ b/src/rc/rc.c +@@ -738,6 +738,7 @@ int main(int argc, char **argv) + const char *bootlevel = NULL; + char *newlevel = NULL; + const char *systype = NULL; ++ RC_STRINGLIST *runlevel_chain; + RC_STRINGLIST *deporder = NULL; + RC_STRINGLIST *tmplist; + RC_STRING *service; +@@ -993,6 +994,7 @@ int main(int argc, char **argv) + main_hotplugged_services = rc_services_in_state(RC_SERVICE_HOTPLUGGED); + main_start_services = rc_services_in_runlevel_stacked(newlevel ? + newlevel : runlevel); ++ runlevel_chain = rc_runlevel_stacks(newlevel ? newlevel : runlevel); + if (strcmp(newlevel ? newlevel : runlevel, RC_LEVEL_SHUTDOWN) != 0 && + strcmp(newlevel ? newlevel : runlevel, RC_LEVEL_SYSINIT) != 0) + { +@@ -1010,6 +1012,7 @@ int main(int argc, char **argv) + tmplist = rc_services_in_runlevel(bootlevel); + TAILQ_CONCAT(main_start_services, tmplist, entries); + free(tmplist); ++ rc_stringlist_add(runlevel_chain, bootlevel); + } + if (main_hotplugged_services) { + TAILQ_FOREACH(service, main_hotplugged_services, +@@ -1018,6 +1021,7 @@ int main(int argc, char **argv) + service->value); + } + } ++ rc_stringlist_add(runlevel_chain, RC_LEVEL_SYSINIT); + } + + parallel = rc_conf_yesno("rc_parallel"); +@@ -1074,9 +1078,6 @@ int main(int argc, char **argv) + + /* If we have a list of services to start then... */ + if (main_start_services) { +- /* Get a list of the chained runlevels which compose the target runlevel */ +- RC_STRINGLIST *runlevel_chain = rc_runlevel_stacks(runlevel); +- + /* Loop through them in reverse order. */ + RC_STRING *rlevel; + TAILQ_FOREACH_REVERSE(rlevel, runlevel_chain, rc_stringlist, entries) +-- +2.11.0 + diff --git a/system/openrc/0006-mount-efivars-read-only.patch b/system/openrc/0006-mount-efivars-read-only.patch new file mode 100644 index 000000000..ec2321dd2 --- /dev/null +++ b/system/openrc/0006-mount-efivars-read-only.patch @@ -0,0 +1,27 @@ +From 37feb4b716525f0c5c5469f21686ab4efcf06fab Mon Sep 17 00:00:00 2001 +From: Natanael Copa <ncopa@alpinelinux.org> +Date: Wed, 1 Feb 2017 04:18:53 +0000 +Subject: [PATCH 6/7] mount efivars read-only + +unintentional writes to efivars may result in bricked hardware. mount it +read-only to play safe. +--- + init.d/sysfs.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/init.d/sysfs.in b/init.d/sysfs.in +index e493f584..bfd0d438 100644 +--- a/init.d/sysfs.in ++++ b/init.d/sysfs.in +@@ -101,7 +101,7 @@ mount_misc() + if [ -d /sys/firmware/efi/efivars ] && + ! mountinfo -q /sys/firmware/efi/efivars; then + ebegin "Mounting efivarfs filesystem" +- mount -n -t efivarfs -o ${sysfs_opts} \ ++ mount -n -t efivarfs -o ro,${sysfs_opts} \ + efivarfs /sys/firmware/efi/efivars 2> /dev/null + eend 0 + fi +-- +2.11.1 + diff --git a/system/openrc/0007-make-consolefont-service-compatible-with-busyboxs-se.patch b/system/openrc/0007-make-consolefont-service-compatible-with-busyboxs-se.patch new file mode 100644 index 000000000..6c23e2ab0 --- /dev/null +++ b/system/openrc/0007-make-consolefont-service-compatible-with-busyboxs-se.patch @@ -0,0 +1,70 @@ +From 3d0d2b89745597ea973129eafa3f999cf19d761f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net> +Date: Wed, 17 Aug 2016 17:52:58 +0200 +Subject: [PATCH 7/7] make consolefont service compatible with busyboxs setfont + applet + +Compared to kdbs setfont program it doesn't support -O and -m. +--- + conf.d/consolefont | 11 ++--------- + init.d/consolefont.in | 7 ++----- + 2 files changed, 4 insertions(+), 14 deletions(-) + +diff --git a/conf.d/consolefont b/conf.d/consolefont +index e01ae842..75544b2f 100644 +--- a/conf.d/consolefont ++++ b/conf.d/consolefont +@@ -3,16 +3,9 @@ + # + # consolefont specifies the default font that you'd like Linux to use on the + # console. You can find a good selection of fonts in /usr/share/consolefonts; +-# you shouldn't specify the trailing ".psf.gz", just the font name below. +-# To use the default console font, comment out the CONSOLEFONT setting below. +-consolefont="default8x16" ++consolefont="default8x16.psf.gz" + + # consoletranslation is the charset map file to use. Leave commented to use + # the default one. Have a look in /usr/share/consoletrans for a selection of + # map files you can use. +-#consoletranslation="8859-1_to_uni" +- +-# unicodemap is the unicode map file to use. Leave commented to use the +-# default one. Have a look in /usr/share/unimaps for a selection of map files +-# you can use. +-#unicodemap="iso01" ++#consoletranslation="8859-1_to_uni.trans" +diff --git a/init.d/consolefont.in b/init.d/consolefont.in +index 9fe95afa..173ed426 100644 +--- a/init.d/consolefont.in ++++ b/init.d/consolefont.in +@@ -22,7 +22,6 @@ start() + { + ttyn=${rc_tty_number:-${RC_TTY_NUMBER:-12}} + consolefont=${consolefont:-${CONSOLEFONT}} +- unicodemap=${unicodemap:-${UNICODEMAP}} + consoletranslation=${consoletranslation:-${CONSOLETRANSLATION}} + + if [ -z "$consolefont" ]; then +@@ -43,9 +42,6 @@ start() + if [ -n "$consoletranslation" ]; then + param="$param -m $consoletranslation" + fi +- if [ -n "${unicodemap}" ]; then +- param="$param -u $unicodemap" +- fi + + # Set the console font + ebegin "Setting console font [$consolefont]" +@@ -63,7 +59,8 @@ start() + # Store the font so we can use it ASAP on boot + if [ $retval -eq 0 ] && checkpath -W "$RC_LIBEXECDIR"; then + mkdir -p "$RC_LIBEXECDIR"/console +- setfont -O "$RC_LIBEXECDIR"/console/font ++ zcat "/usr/share/consolefonts/$consolefont" \ ++ > "$RC_LIBEXECDIR"/console/font + fi + + return $retval +-- +2.11.0 + diff --git a/system/openrc/APKBUILD b/system/openrc/APKBUILD new file mode 100644 index 000000000..31e6adee6 --- /dev/null +++ b/system/openrc/APKBUILD @@ -0,0 +1,93 @@ +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=openrc +pkgver=0.24.1 +_ver=${pkgver/_git*/} +pkgrel=6 +pkgdesc="OpenRC manages the services, startup and shutdown of a host" +url="http://git.overlays.gentoo.org/gitweb/?p=proj/openrc.git" +arch="all" +license='BSD-2' +depends="psmisc /sbin/init" +makedepends="bsd-compat-headers" +subpackages="$pkgname-doc $pkgname-dev" +install="$pkgname.post-install $pkgname.post-upgrade" +source="$pkgname-$pkgver.tar.gz::https://github.com/OpenRC/openrc/archive/$pkgver.tar.gz + + 0001-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch + 0002-force-root-be-rw-before-localmount.patch + 0003-sysctl-add-compatibility-for-busybox-sysctl.patch + 0004-hide-error-when-migrating-var-run-to-run.patch + 0005-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch + 0006-mount-efivars-read-only.patch + 0007-make-consolefont-service-compatible-with-busyboxs-se.patch + + openrc-configuration.patch + + openrc.logrotate + hostname.initd + hwdrivers.initd + keymaps.initd + modules.initd + modloop.initd + modloop.confd + sysfsconf.initd + " + +builddir="$srcdir/$pkgname-$_ver" +prepare() { + default_prepare + sed -i -e '/^sed/d' "$builddir"/pkgconfig/Makefile +} + +build() { + cd "$builddir" + export BRANDING="Adélie Linux" + make LIBEXECDIR=/lib/rc MKNET=no +} + +check() { + cd "$builddir" + make check +} + +package() { + cd "$builddir" + make LIBEXECDIR=/lib/rc DESTDIR="$pkgdir/" install + + # we cannot have anything turned on by default + mkdir -p "$pkgdir"/usr/share/openrc || true + mv "$pkgdir"/etc/runlevels "$pkgdir"/usr/share/openrc/runlevels + + # we override some of the scripts + for i in "$srcdir"/*.initd; do + j=${i##*/} + install -Dm755 $i "$pkgdir"/etc/init.d/${j%.initd} + done + + # we override some of the conf.d files + for i in "$srcdir"/*.confd; do + j=${i##*/} + install -Dm644 $i "$pkgdir"/etc/conf.d/${j%.confd} + done + + install -Dm644 "$srcdir/$pkgname.logrotate" "$pkgdir/etc/logrotate.d/$pkgname" + install -d "$pkgdir"/etc/local.d "$pkgdir"/run +} + +sha512sums="8d2aec029cb675ae5d446fe4a2f9613fac2fc5ea74b091d93e62b1f7bd4f8e3a96893bafa39a301129dad4623cc30acdcfd9e383a74f98c69f29820adb6d9aa0 openrc-0.24.1.tar.gz +71fce711adbcb411189a089f1d49567c50348e12c42b7a9c9b582dae5d18051f88ccf81c768337e87d6792d953e84d1e8b93d7978a1947d7d20ef3b1cd330875 0001-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch +aedf77f9159fefb4bd5f30a29a33b6aedbc986c9a0f993aa928cc79fbe24aac76bd9e5974dcce52ee8736c22d7e90375930d4bb5c66af3519d8e46590df00fe1 0002-force-root-be-rw-before-localmount.patch +9dea3fcdb90e3e8078a771beefeba3ca91b9966a1b8ee9ff96cf460e7dd21abbc4a46a501a960c3edf5a76c083c2cf60ccb06d9da7a4c6df2a50660745beb278 0003-sysctl-add-compatibility-for-busybox-sysctl.patch +d54630d40a2d6b10a325cb012d4efcda997a60c008ca953ce5d60059d3f267308a59dabddf93a5fc0d301aa91967137d144effbe5f574394af768ce4ebc48738 0004-hide-error-when-migrating-var-run-to-run.patch +39a35c54ec9112fe84c901ed155a711cec8e194af02d5483ee60b80743dab12391e6fdc7b3da2f86844dd4edcf53e681ff95bd4d6fa1101a89ce54dce2ddbb7c 0005-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch +7221dd2daccd8844f6f9481b7b5921abc2711c8abd1a4bb72f04db8fd8e734b817f5d0d571daea0e2e05d3bc687f75ee1d8025249996bdee0b3328e18d9da7d3 0006-mount-efivars-read-only.patch +234c4f3cf39df3350dbea25c00b8d584794b28194f44c726767a6a16d91a26fee1b5d2dd16635f19803fc015b4e9d99c52b23128e6b815938b88365feba8cf59 0007-make-consolefont-service-compatible-with-busyboxs-se.patch +2dde266f3176456724e4b0c40476e7061e31986b67744b4a53c71ba0d3896860b4569e3af2ea4777a9d8fe3b6282ff869666570f1daa86cdc410c0e09805c990 openrc-configuration.patch +12bb6354e808fbf47bbab963de55ee7901738b4a912659982c57ef2777fff9a670e867fcb8ec316a76b151032c92dc89a950d7d1d835ef53f753a8f3b41d2cec openrc.logrotate +99b542c0903ad6874b8c308b2e0660a4fe2ff9db962dfec65325cd12c368873a2ae800d5e6d42dc4deff775e1d5c0068869eb72581f7ab16e88d5738afe1d3dd hostname.initd +c06eac7264f6cc6888563feeae5ca745aae538323077903de1b19102e4f16baa34c18b8c27af5dd5423e7670834e2261e9aa55f2b1ec8d8fdc2be105fe894d55 hwdrivers.initd +584ecbbcecb284527d7616790b6e337ace610e4b3cedf2993eca294bfbef54674aeaee3078b6c17d746a0c48b5a64a813c3534136915947e6f62a6fa206cd3ca keymaps.initd +b04058ec630e19de0bafefe06198dc1bff8c8d5d2c89e4660dd83dda8bb82a76cdb1d8661cce88e4a406aa6b4152e17efff52d3eb18ffaec0751d0b6cdbcc48a modules.initd +92c0245ba4d7cc6828a9b68510fb541cf3b21b9b844a858336af60e84d1db62ddb4471aad0d82ef05d639335a81014f8350a71a746c2bcd90697daa6a8c03408 modloop.initd +aa702a7da8e6c0e5d8738febaf6b4e4cb021b30ce5c1809b530abf2b36739079446b16fc054740da8d86ed099942cf5deed6597cedb64c058f3def587a8b4689 modloop.confd +d76c75c58e6f4b0801edac4e081b725ef3d50a9a8c9bbb5692bf4d0f804af7d383bf71a73d5d03ed348a89741ef0b2427eb6a7cbf5a9b9ff60a240639fa6ec88 sysfsconf.initd" diff --git a/system/openrc/hostname.initd b/system/openrc/hostname.initd new file mode 100644 index 000000000..c1580db08 --- /dev/null +++ b/system/openrc/hostname.initd @@ -0,0 +1,18 @@ +#!/sbin/openrc-run + +description="Sets the hostname of the machine." + +depend() { + keyword -prefix -lxc +} + +start() { + if [ -s /etc/hostname ] ; then + opts="-F /etc/hostname" + else + opts="localhost" + fi + ebegin "Setting hostname" + hostname $opts + eend $? +} diff --git a/system/openrc/hwdrivers.initd b/system/openrc/hwdrivers.initd new file mode 100644 index 000000000..80184c971 --- /dev/null +++ b/system/openrc/hwdrivers.initd @@ -0,0 +1,32 @@ +#!/sbin/openrc-run + +depend() { + need sysfs dev + before checkfs fsck + after modloop + keyword -vserver -lxc +} + +# Load hardware drivers +start() { + # check for boot option "nocoldplug" + if get_bootparam noautodetect; then + ewarn "Autodetection of hardware disabled from boot cmdline" + return 0 + fi + + ebegin "Loading hardware drivers" + find /sys -name modalias -type f -print0 | xargs -0 sort -u \ + | xargs modprobe -b -a 2> /dev/null + # we run it twice so we detect all devices + find /sys -name modalias -type f -print0 | xargs -0 sort -u \ + | xargs modprobe -b -a 2> /dev/null + + # check if framebuffer drivers got pulled in + if [ -e /dev/fb0 ] && ! [ -e /sys/module/fbcon ]; then + modprobe -b -q fbcon + fi + + eend 0 +} + diff --git a/system/openrc/keymaps.initd b/system/openrc/keymaps.initd new file mode 100644 index 000000000..24d1e8777 --- /dev/null +++ b/system/openrc/keymaps.initd @@ -0,0 +1,20 @@ +#!/sbin/openrc-run + +description="Applies a keymap for the consoles." + +depend() +{ + need localmount + keyword -openvz -prefix -uml -vserver -xenu -lxc +} + +start() { + [ -z "$KEYMAP" ] && return + ebegin "Setting keymap" + zcat "$KEYMAP" | loadkmap + eend $? +} + +stop() { + return +} diff --git a/system/openrc/modloop.confd b/system/openrc/modloop.confd new file mode 100644 index 000000000..de4cbb62b --- /dev/null +++ b/system/openrc/modloop.confd @@ -0,0 +1,3 @@ +# enable loadable module support when running from RAM +# when unionfs support is available in the kernel +unionfs_size="32M" diff --git a/system/openrc/modloop.initd b/system/openrc/modloop.initd new file mode 100644 index 000000000..9d664dd40 --- /dev/null +++ b/system/openrc/modloop.initd @@ -0,0 +1,124 @@ +#!/sbin/openrc-run + +# script that will mount image with modules + +depend() { + after dev-mount + before checkfs fsck hwdrivers modules hwclock dev sysfs + keyword -vserver -lxc +} + +# read kernel options +init_KOPT() { + for opt in $(cat /proc/cmdline 2>/dev/null); do + case "$opt" in + modloop=*) + eval "KOPT_${opt%%=*}='${opt#*=}'" ;; + esac + done +} + +mountdirs() { + awk '$2 !~ /^\/(sys|proc|dev|run)/ && $2 != "/" {print $2}' /proc/mounts +} + +find_modloop() { + local dir="$1" + local kver=$(uname -r) + local oifs="$IFS" + IFS=$'\n' + set -- $(blkid "$dir"/boot/* "$dir"/*) + IFS="$oifs" + for line; do + img=${line%%:*} + mount "$img" -o loop,ro /.modloop || continue + if [ -d /.modloop/modules/$kver ]; then + return 0 + fi + umount /.modloop + done + return 1 +} + +find_backing_file() { + local dir="$1" + local dev=$(df -P "$dir" | tail -1 | awk '{print $1}') + cat /sys/block/${dev#/dev/}/loop/backing_file 2>/dev/null +} + +start() { + local modloop= mount_opts= modloop_dldir="/lib" + init_KOPT + + mkdir -p /.modloop /lib + case "$KOPT_modloop" in + http://*|https://*|ftp://*) + wget -P "$modloop_dldir" "$KOPT_modloop" \ + && modloop=$modloop_dldir/$(basename $KOPT_modloop) + ;; + *) + for dir in $(mountdirs); do + if [ -f "$dir"/$KOPT_modloop ]; then + modloop="$dir/${KOPT_modloop##/}" + alpine_mnt="$dir" + break + fi + done + ;; + esac + + ebegin "Mounting modloop $modloop" + if [ -n "$modloop" ]; then + mount -o loop,ro $modloop /.modloop + eend $? || return 1 + else + for dir in $(mountdirs); do + if find_modloop "$dir"; then + alpine_mnt="$dir" + break + fi + done + if [ -d /.modloop/modules/$(uname -r) ]; then + eend 0 + else + eend 1 || return 1 + fi + fi + + #use overlayfs if available and configured + if grep -q -w "overlay$" /proc/filesystems && [ -n "$unionfs_size" ]; then + ebegin "OverlayFS detected, mounting modloop rw" + mkdir -p /.modunisonfs /lib/modules + mount -t tmpfs -o size="$unionfs_size" tmpfs /.modunisonfs + mkdir -p /.modunisonfs/modules /.modunisonfs/work + mount -t overlay -o upperdir=/.modunisonfs/modules,lowerdir=/.modloop/modules,workdir=/.modunisonfs/work overlay /lib/modules + eend $? || return 1 + else + rm -rf /lib/modules && ln -sf /.modloop/modules /lib/ + fi + + # copy firmware if there are any + if [ -d $alpine_mnt/firmware ]; then + ebegin "Copying firmware from $alpine_mnt/firmware" + cp -R -a $alpine_mnt/firmware /lib/ + eend $? + elif [ -d /lib/modules/firmware ]; then + rmdir /lib/firmware 2>/dev/null \ + && ln -s /lib/modules/firmware /lib/ + fi + return 0 +} + +stop() { + local rc=0 + if mountinfo --quiet /.modunisonfs/modules && mountinfo --quiet /lib/modules; then + umount /lib/modules + umount /.modunisonfs/modules + fi + if mountinfo --quiet /.modloop; then + ebegin "Unmounting /.modloop" + umount -d /.modloop + eend $? || return 1 + fi +} + diff --git a/system/openrc/modules.initd b/system/openrc/modules.initd new file mode 100644 index 000000000..d90a3e687 --- /dev/null +++ b/system/openrc/modules.initd @@ -0,0 +1,29 @@ +#!/sbin/openrc-run + +description="Loads a user defined list of kernel modules." + +depend() +{ + before hwclock hwdrivers + keyword -openvz -prefix -vserver -lxc +} + +start() { + ebegin "Loading modules" + for f in /etc/modules \ + /etc/modules-load.d/*.conf \ + /run/modules-load.d/*.conf \ + /usr/lib/modules-load.d/*.conf \ + /lib/modules-load.d/*.conf; do + if ! [ -f "$f" ]; then + continue + fi + + sed -e 's/\#.*//g' -e '/^[[:space:]]*$/d' < "$f" \ + | while read module args; do + modprobe -q $module $args + done + done + eend $? +} + diff --git a/system/openrc/openrc-configuration.patch b/system/openrc/openrc-configuration.patch new file mode 100644 index 000000000..ff2ce5f34 --- /dev/null +++ b/system/openrc/openrc-configuration.patch @@ -0,0 +1,20 @@ +--- openrc-0.24.1/etc/rc.conf.original 2017-03-14 19:58:26.000000000 -0500 ++++ openrc-0.24.1/etc/rc.conf 2017-08-22 23:48:32.903169635 -0500 +@@ -48,7 +48,7 @@ + # /var/log/rc.log + # NOTE: Linux systems require the devfs service to be started before + # logging can take place and as such cannot log the sysinit runlevel. +-#rc_logger="NO" ++rc_logger="YES" + + # Through rc_log_path you can specify a custom log file. + # The default value is: /var/log/rc.log +@@ -89,7 +89,7 @@ + # There variables are shared between many init scripts + + # Set unicode to YES to turn on unicode support for keyboards and screens. +-#unicode="NO" ++unicode="YES" + + # This is how long fuser should wait for a remote server to respond. The + # default is 60 seconds, but it can be adjusted here. diff --git a/system/openrc/openrc.logrotate b/system/openrc/openrc.logrotate new file mode 100644 index 000000000..5e5e64b9b --- /dev/null +++ b/system/openrc/openrc.logrotate @@ -0,0 +1,4 @@ +/var/log/rc.log { + missingok + notifempty +} diff --git a/system/openrc/openrc.post-install b/system/openrc/openrc.post-install new file mode 100644 index 000000000..1057eed41 --- /dev/null +++ b/system/openrc/openrc.post-install @@ -0,0 +1,36 @@ +#!/bin/sh + +rc_update() { + local svc="$1" + local level="$2" + mkdir -p /etc/runlevels/$level + ln -sf /etc/init.d/$svc /etc/runlevels/$level +} + +if [ ! -d etc/rcS.d ] && [ ! -d etc/rcL.d ]; then + exit 0 +fi + +for i in etc/rc[SL].d/*; do + [ -L "$i" ] || continue + oldsvc=${i##*/S[0-9][0-9]} + # some services are renamed + case "$oldsvc" in + modutils) svc=modules;; + procps) svc=sysctl;; + bootmisc.sh) svc=bootmisc;; + keymap) svc=keymaps;; + rc.local) svc=local;; + *) svc=$oldsvc;; + esac + + # add the service to correct "runlevel" + case "$svc" in + hwclock|modules|sysctl|hostname|keymaps|syslog|bootmisc) + rc_update $svc boot;; + *) rc_update $svc default;; + esac + + rm $i +done + diff --git a/system/openrc/openrc.post-upgrade b/system/openrc/openrc.post-upgrade new file mode 100644 index 000000000..8884202be --- /dev/null +++ b/system/openrc/openrc.post-upgrade @@ -0,0 +1,35 @@ +#!/bin/sh + +# in 0.8.0-r1 the state dir moved from /libexec/rc/init.d to /lib/rc/init.d +# and with 0.10 it moved to /run/openrc + +mkdir -p /run/openrc +for dir in /libexec /lib; do + [ -d $dir/rc/init.d ] || continue + + for i in $dir/rc/init.d/* ; do + [ -e "$i" ] || continue + if [ -e /run/openrc/${i##*/} ]; then + rm -r $i + else + mv $i /run/openrc/ + fi + done + + rmdir $dir/rc/init.d $dir/rc /libexec 2>/dev/null +done + +# create rc.local compat +if [ -f /etc/rc.local ]; then + cat >/etc/local.d/rc.local-compat.start<<__EOF__ +#!/bin/sh + +# this is only here for compatibility reasons +if [ -f /etc/rc.local ]; then + . /etc/rc.local +fi +__EOF__ + chmod +x /etc/local.d/rc.local-compat.start +fi + +exit 0 diff --git a/system/openrc/sysfsconf.initd b/system/openrc/sysfsconf.initd new file mode 100644 index 000000000..433e51d63 --- /dev/null +++ b/system/openrc/sysfsconf.initd @@ -0,0 +1,66 @@ +#!/sbin/openrc-run + +description="Set sysfs variables from /etc/sysfs.conf and /etc/sysfs.d/*.conf" +conffile=/etc/sysfs.conf +confdir=/etc/sysfs.d + +depend() { + need sysfs +} + +setval() { + local value="$1" attrib="$2" + # Some fields need a terminating newline, others + # need the terminating newline to be absent :-( + echo -n "$value" > "$attrib" 2>/dev/null \ + || echo "$value" > "$attrib" +} + +load_conffile() { + local file="$1" + while read line; do + local line=${line%%#*} + local cmd= attrib= value= + set -- $line + if [ $# -eq 0 ]; then + continue + fi + case "$1$3" in + mode=) cmd=chmod + attrib="$2" + value="$4" + ;; + owner=) cmd=chown + attrib="$2" + value="$4" + ;; + *) if [ "$2" = "=" ]; then + cmd=setval + attrib="$1" + value="$3" + fi + ;; + esac + if ! [ -e "/sys/$attrib" ]; then + eerror "$attrib: unknown attribute" + continue + fi + if [ -z "$attrib" ] || [ -z "$value" ]; then + eerror "syntax error in $file: '$line'" + continue + fi + $cmd "$value" "/sys/$attrib" + done < "$file" +} + +start() { + [ -r "$conffile" -o -d "$confdir" ] || return 0 + ebegin "Setting sysfs variables" + for file in $confdir/*.conf $conffile; do + [ -r "$file" ] || continue + load_conffile "$file" || return 1 + done + eend 0 + +} + diff --git a/system/openssh/APKBUILD b/system/openssh/APKBUILD new file mode 100644 index 000000000..90a628d27 --- /dev/null +++ b/system/openssh/APKBUILD @@ -0,0 +1,181 @@ +# Contributor: Leonardo Arena <rnalrd@alpinelinux.org> +# Contributor: Valery Kartel <valery.kartel@gmail.com> +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=openssh +pkgver=7.5_p1 +_myver=${pkgver%_*}${pkgver#*_} +pkgrel=5 +pkgdesc="Port of OpenBSD's free SSH release" +url="http://www.openssh.org/portable.html" +arch="all" +license="as-is" +options="suid !check" +depends="openssh-client openssh-sftp-server openssh-server" +makedepends_build="linux-pam-dev" +makedepends_host="openssl-dev zlib-dev linux-headers linux-pam-dev" +makedepends="$makedepends_build $makedepends_host" +subpackages="$pkgname-doc + $pkgname-keygen + $pkgname-client + $pkgname-keysign + $pkgname-sftp-server:sftp + $pkgname-server-common:server_common:noarch + $pkgname-server + " + +source="http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$_myver.tar.gz + openssh7.4-peaktput.patch + openssh7.4-dynwindows.patch + fix-utmp.patch + bsd-compatible-realpath.patch + sshd.initd + sshd.confd + sftp-interactive.patch + openssh-7.5p1-sandbox.patch + " +# secfixes: +# 7.4_p1: +# - CVE-2016-10009 +# - CVE-2016-10010 +# - CVE-2016-10011 +# - CVE-2016-10012 + +# HPN patches are from: http://hpnssh.sourceforge.net/ + +builddir="$srcdir"/$pkgname-$_myver + +prepare() { + cd "$builddir" + default_prepare + for _flavour in $_pkgsupport; do + cp -R "$srcdir"/$pkgname-$_myver "$srcdir"/$pkgname-${_myver}-$_flavour + done +} + +build() { + cd "$builddir" + export LD="$CC" + ./configure --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --sysconfdir=/etc/ssh \ + --libexecdir=/usr/lib/ssh \ + --mandir=/usr/share/man \ + --with-pid-dir=/run \ + --with-mantype=man \ + --with-ldflags="${LDFLAGS}" \ + --disable-lastlog \ + --disable-strip \ + --disable-wtmp \ + --with-privsep-path=/var/empty \ + --with-xauth=/usr/bin/xauth \ + --with-privsep-user=sshd \ + --with-md5-passwords \ + --with-ssl-engine \ + --with-pam + make +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install + mkdir -p "$pkgdir"/var/empty + install -D -m755 "$srcdir"/sshd.initd \ + "$pkgdir"/etc/init.d/sshd + install -D -m644 "$srcdir"/sshd.confd \ + "$pkgdir"/etc/conf.d/sshd + install -Dm644 "$builddir"/contrib/ssh-copy-id.1 \ + "$pkgdir"/usr/share/man/man1/ssh-copy-id.1 +} + +keygen() { + pkgdesc="ssh helper program for generating keys" + depends= + install -d "$subpkgdir"/usr/bin + mv "$pkgdir"/usr/bin/ssh-keygen \ + "$subpkgdir"/usr/bin/ +} + +client() { + pkgdesc="OpenBSD's SSH client" + depends="openssh-keygen" + install -d "$subpkgdir"/usr/bin \ + "$subpkgdir"/usr/lib/ssh \ + "$subpkgdir"/etc/ssh \ + "$subpkgdir"/var/empty + + mv "$pkgdir"/usr/bin/* \ + "$subpkgdir"/usr/bin/ + mv "$pkgdir"/etc/ssh/ssh_config \ + "$pkgdir"/etc/ssh/moduli \ + "$subpkgdir"/etc/ssh/ + install -Dm755 "$builddir"/contrib/findssl.sh \ + "$subpkgdir"/usr/bin/findssl.sh + install -Dm755 "$builddir"/contrib/ssh-copy-id \ + "$subpkgdir"/usr/bin/ssh-copy-id + install -Dm755 "$builddir"/ssh-pkcs11-helper \ + "$subpkgdir"/usr/bin/ssh-pkcs11-helper +} + +keysign() { + pkgdesc="ssh helper program for host-based authentication" + depends="openssh-client" + install -d "$subpkgdir"/usr/lib/ssh + mv "$pkgdir"/usr/lib/ssh/ssh-keysign \ + "$subpkgdir"/usr/lib/ssh/ +} + +sftp() { + pkgdesc="ssh sftp server module" + depends="" + install -d "$subpkgdir"/usr/lib/ssh + mv "$pkgdir"/usr/lib/ssh/sftp-server \ + "$subpkgdir"/usr/lib/ssh/ +} + +server_common() { + pkgdesc="OpenSSH server configuration files" + depends="" + for i in etc/ssh/sshd_config \ + etc/init.d/sshd \ + etc/conf.d/sshd; do + + install -d "$subpkgdir"/${i%/*} + mv "$pkgdir"/$i \ + "$subpkgdir"/${i%/*}/ + + done +} + +server() { + pkgdesc="OpenSSH server" + depends="openssh-keygen openssh-server-common" + cd "$builddir" + install -d "$subpkgdir"/usr/sbin + mv "$pkgdir"/usr/sbin/sshd "$subpkgdir"/usr/sbin/ +} + +_server() { + cd "$builddir" + install -d "$subpkgdir"/usr/sbin + mv "$1"/sshd "$subpkgdir"/usr/sbin/ +} + +_pkg_flavour() { + pkgdesc="OpenSSH server with $_flavour support" + depends="openssh-keygen openssh-server-common" + for _flavour in $_pkgsupport; do + cd "${builddir}"-$_flavour + _server "${builddir}"-$_flavour + done +} + +sha512sums="58c542e8a110fb4316a68db94abb663fa1c810becd0638d45281df8aeca62c1f705090437a80e788e6c29121769b72a505feced537d3118c933fde01b5285c81 openssh-7.5p1.tar.gz +398096a89aa104abeff31aa043ac406a6348e0fdd4d313b7888ee0b931d38fd71fc21bceee46145e88f03bc27e00890e068442faee2d33f86cfbc04d58ffa4b6 openssh7.4-peaktput.patch +b9d736eae9b43de91fa3eb277ba8abc6290a8436b0fb00ae3b0f1b2eabba9983e4d2a1e3c68f5514247d0a3f120037f0795fd88fbf302aabd2d1b54a325a04ee openssh7.4-dynwindows.patch +f35fffcd26635249ce5d820e7b3e406e586f2d2d7f6a045f221e2f9fb53aebc1ab1dd1e603b3389462296ed77921a1d08456e7aaa3825cbed08f405b381a58e1 fix-utmp.patch +f2b8daa537ea3f32754a4485492cc6eb3f40133ed46c0a5a29a89e4bcf8583d82d891d94bf2e5eb1c916fa68ec094abf4e6cd641e9737a6c05053808012b3a73 bsd-compatible-realpath.patch +394a420a36880bb0dd37dfd8727cea91fd9de6534050169e21212a46513ef3aaafe2752c338699b3d4ccd14871b26cf01a152df8060cd37f86ce0665fd53c63f sshd.initd +ce0abddbd2004891f88efd8522c4b37a4989290269fab339c0fa9aacc051f7fd3b20813e192e92e0e64315750041cb74012d4321260f4865ff69d7a935b259d4 sshd.confd +c1d09c65dbc347f0904edc30f91aa9a24b0baee50309536182455b544f1e3f85a8cecfa959e32be8b101d8282ef06dde3febbbc3f315489339dcf04155c859a9 sftp-interactive.patch +15c5478bcae56c019a2fbd82ec04808537fd4ba1f1ba4a0a88c0343c16c698c45dbfac59eebc3fcfd3c15b302ebec43e60ffa02442a6c77673b14818ad3f7b60 openssh-7.5p1-sandbox.patch" diff --git a/system/openssh/bsd-compatible-realpath.patch b/system/openssh/bsd-compatible-realpath.patch new file mode 100644 index 000000000..1cdb4f7c5 --- /dev/null +++ b/system/openssh/bsd-compatible-realpath.patch @@ -0,0 +1,62 @@ +fix issues with fortify-headers and the way openssh handles the needed +BSD compatible realpath(3). + +unconditionally use the provided realpath() as otherwise cross-builds +would try to use musl realpath() which is posix compliant and not +working to openssh expectations. + +diff -ru openssh-7.2p2.orig/openbsd-compat/openbsd-compat.h openssh-7.2p2/openbsd-compat/openbsd-compat.h +--- openssh-7.2p2.orig/openbsd-compat/openbsd-compat.h 2016-03-09 20:04:48.000000000 +0200 ++++ openssh-7.2p2/openbsd-compat/openbsd-compat.h 2016-07-18 13:33:16.260357745 +0300 +@@ -68,17 +68,7 @@ + void *reallocarray(void *, size_t, size_t); + #endif + +-#if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) +-/* +- * glibc's FORTIFY_SOURCE can redefine this and prevent us picking up the +- * compat version. +- */ +-# ifdef BROKEN_REALPATH +-# define realpath(x, y) _ssh_compat_realpath(x, y) +-# endif +- +-char *realpath(const char *path, char *resolved); +-#endif ++char *ssh_realpath(const char *path, char *resolved); + + #ifndef HAVE_RRESVPORT_AF + int rresvport_af(int *alport, sa_family_t af); +diff -ru openssh-7.2p2.orig/openbsd-compat/realpath.c openssh-7.2p2/openbsd-compat/realpath.c +--- openssh-7.2p2.orig/openbsd-compat/realpath.c 2016-03-09 20:04:48.000000000 +0200 ++++ openssh-7.2p2/openbsd-compat/realpath.c 2016-07-18 13:33:45.420721690 +0300 +@@ -31,7 +31,7 @@ + + #include "includes.h" + +-#if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) ++#if 1 + + #include <sys/types.h> + #include <sys/param.h> +@@ -58,7 +58,7 @@ + * in which case the path which caused trouble is left in (resolved). + */ + char * +-realpath(const char *path, char *resolved) ++ssh_realpath(const char *path, char *resolved) + { + struct stat sb; + char *p, *q, *s; +diff -ru openssh-7.2p2.orig/sftp-server.c openssh-7.2p2/sftp-server.c +--- openssh-7.2p2.orig/sftp-server.c 2016-03-09 20:04:48.000000000 +0200 ++++ openssh-7.2p2/sftp-server.c 2016-07-18 13:34:29.131267241 +0300 +@@ -1162,7 +1162,7 @@ + } + debug3("request %u: realpath", id); + verbose("realpath \"%s\"", path); +- if (realpath(path, resolvedname) == NULL) { ++ if (ssh_realpath(path, resolvedname) == NULL) { + send_status(id, errno_to_portable(errno)); + } else { + Stat s; diff --git a/system/openssh/fix-utmp.patch b/system/openssh/fix-utmp.patch new file mode 100644 index 000000000..275e80590 --- /dev/null +++ b/system/openssh/fix-utmp.patch @@ -0,0 +1,11 @@ +--- openssh-6.8p1.orig/loginrec.c 2015-03-17 07:49:20.000000000 -0200 ++++ openssh-6.8p1/loginrec.c 2015-03-19 10:45:45.780276841 -0200 +@@ -783,7 +783,7 @@ + if (li->hostaddr.sa.sa_family == AF_INET) + utx->ut_addr = li->hostaddr.sa_in.sin_addr.s_addr; + # endif +-# ifdef HAVE_ADDR_V6_IN_UTMP ++# ifdef HAVE_ADDR_V6_IN_UTMPX + /* this is just a 128-bit IPv6 address */ + if (li->hostaddr.sa.sa_family == AF_INET6) { + sa6 = ((struct sockaddr_in6 *)&li->hostaddr.sa); diff --git a/system/openssh/openssh-7.5p1-sandbox.patch b/system/openssh/openssh-7.5p1-sandbox.patch new file mode 100644 index 000000000..7d09632c8 --- /dev/null +++ b/system/openssh/openssh-7.5p1-sandbox.patch @@ -0,0 +1,23 @@ +diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c +index 3a1aedce72c2..a8d472a63ccb 100644 +--- a/sandbox-seccomp-filter.c ++++ b/sandbox-seccomp-filter.c +@@ -50,6 +50,9 @@ + #include <elf.h> + + #include <asm/unistd.h> ++#ifdef __s390__ ++#include <asm/zcrypt.h> ++#endif + + #include <errno.h> + #include <signal.h> +@@ -235,7 +235,7 @@ static const struct sock_filter preauth_insns[] = { + * x86-64 syscall under some circumstances, e.g. + * https://bugs.debian.org/849923 + */ +- SC_ALLOW(__NR_clock_gettime & ~__X32_SYSCALL_BIT); ++ SC_ALLOW(__NR_clock_gettime & ~__X32_SYSCALL_BIT), + #endif + + /* Default deny */ diff --git a/system/openssh/openssh7.4-dynwindows.patch b/system/openssh/openssh7.4-dynwindows.patch new file mode 100644 index 000000000..45c42159e --- /dev/null +++ b/system/openssh/openssh7.4-dynwindows.patch @@ -0,0 +1,835 @@ +--- a/buffer.h ++++ b/buffer.h +@@ -16,6 +16,9 @@ + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + ++/* move the following to a more appropriate place and name */ ++#define BUFFER_MAX_LEN_HPN 0x4000000 /* 64MB */ ++ + /* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */ + + #ifndef BUFFER_H +--- a/channels.c ++++ b/channels.c +@@ -191,8 +191,14 @@ + static int connect_next(struct channel_connect *); + static void channel_connect_ctx_free(struct channel_connect *); + ++ ++static int hpn_disabled = 0; ++static int hpn_buffer_size = 2 * 1024 * 1024; ++ + /* -- channel core */ + ++ ++ + Channel * + channel_by_id(int id) + { +@@ -356,6 +362,7 @@ + c->local_window_max = window; + c->local_consumed = 0; + c->local_maxpacket = maxpack; ++ c->dynamic_window = 0; + c->remote_id = -1; + c->remote_name = xstrdup(remote_name); + c->remote_window = 0; +@@ -904,11 +911,35 @@ + FD_SET(c->sock, writeset); + } + ++int channel_tcpwinsz () { ++ u_int32_t tcpwinsz = 0; ++ socklen_t optsz = sizeof(tcpwinsz); ++ int ret = -1; ++ ++ /* if we aren't on a socket return 128KB*/ ++ if(!packet_connection_is_on_socket()) ++ return(128*1024); ++ ret = getsockopt(packet_get_connection_in(), ++ SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz); ++ /* return no more than 64MB */ ++ if ((ret == 0) && tcpwinsz > BUFFER_MAX_LEN_HPN) ++ tcpwinsz = BUFFER_MAX_LEN_HPN; ++ debug2("tcpwinsz: %d for connection: %d", tcpwinsz, ++ packet_get_connection_in()); ++ return(tcpwinsz); ++} ++ + static void + channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset) + { + u_int limit = compat20 ? c->remote_window : packet_get_maxsize(); + ++ /* check buffer limits */ ++ if ((!c->tcpwinsz) || (c->dynamic_window > 0)) ++ c->tcpwinsz = channel_tcpwinsz(); ++ ++ limit = MIN(limit, 2 * c->tcpwinsz); ++ + if (c->istate == CHAN_INPUT_OPEN && + limit > 0 && + buffer_len(&c->input) < limit && +@@ -1926,14 +1957,21 @@ + c->local_maxpacket*3) || + c->local_window < c->local_window_max/2) && + c->local_consumed > 0) { ++ u_int addition = 0; ++ /* adjust max window size if we are in a dynamic environment */ ++ if (c->dynamic_window && (c->tcpwinsz > c->local_window_max)) { ++ /* grow the window somewhat aggressively to maintain pressure */ ++ addition = 1.5*(c->tcpwinsz - c->local_window_max); ++ c->local_window_max += addition; ++ } + packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST); + packet_put_int(c->remote_id); +- packet_put_int(c->local_consumed); ++ packet_put_int(c->local_consumed + addition); + packet_send(); + debug2("channel %d: window %d sent adjust %d", + c->self, c->local_window, + c->local_consumed); +- c->local_window += c->local_consumed; ++ c->local_window += c->local_consumed + addition; + c->local_consumed = 0; + } + return 1; +@@ -3179,6 +3217,15 @@ + return addr; + } + ++ ++void ++channel_set_hpn(int external_hpn_disabled, int external_hpn_buffer_size) ++{ ++ hpn_disabled = external_hpn_disabled; ++ hpn_buffer_size = external_hpn_buffer_size; ++ debug("HPN Disabled: %d, HPN Buffer Size: %d", hpn_disabled, hpn_buffer_size); ++} ++ + static int + channel_setup_fwd_listener_tcpip(int type, struct Forward *fwd, + int *allocated_listen_port, struct ForwardOptions *fwd_opts) +@@ -3307,9 +3354,15 @@ + } + + /* Allocate a channel number for the socket. */ ++ /* explicitly test for hpn disabled option. if true use smaller window size */ ++ if (hpn_disabled) + c = channel_new("port listener", type, sock, sock, -1, + CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, + 0, "port listener", 1); ++ else ++ c = channel_new("port listener", type, sock, sock, -1, ++ hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, ++ 0, "port listener", 1); + c->path = xstrdup(host); + c->host_port = fwd->connect_port; + c->listening_addr = addr == NULL ? NULL : xstrdup(addr); +@@ -4313,10 +4366,17 @@ + *chanids = xcalloc(num_socks + 1, sizeof(**chanids)); + for (n = 0; n < num_socks; n++) { + sock = socks[n]; ++ /* Is this really necassary? */ ++ if (hpn_disabled) + nc = channel_new("x11 listener", + SSH_CHANNEL_X11_LISTENER, sock, sock, -1, + CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, + 0, "X11 inet listener", 1); ++ else ++ nc = channel_new("x11 listener", ++ SSH_CHANNEL_X11_LISTENER, sock, sock, -1, ++ hpn_buffer_size, CHAN_X11_PACKET_DEFAULT, ++ 0, "X11 inet listener", 1); + nc->single_connection = single_connection; + (*chanids)[n] = nc->self; + } +--- a/channels.h ++++ b/channels.h +@@ -135,8 +135,10 @@ + u_int local_window_max; + u_int local_consumed; + u_int local_maxpacket; ++ int dynamic_window; + int extended_usage; + int single_connection; ++ u_int tcpwinsz; + + char *ctype; /* type */ + +@@ -173,8 +175,10 @@ + /* default window/packet sizes for tcp/x11-fwd-channel */ + #define CHAN_SES_PACKET_DEFAULT (32*1024) + #define CHAN_SES_WINDOW_DEFAULT (64*CHAN_SES_PACKET_DEFAULT) ++ + #define CHAN_TCP_PACKET_DEFAULT (32*1024) + #define CHAN_TCP_WINDOW_DEFAULT (64*CHAN_TCP_PACKET_DEFAULT) ++ + #define CHAN_X11_PACKET_DEFAULT (16*1024) + #define CHAN_X11_WINDOW_DEFAULT (4*CHAN_X11_PACKET_DEFAULT) + +@@ -318,5 +322,8 @@ + void chan_rcvd_ieof(Channel *); + void chan_write_failed(Channel *); + void chan_obuf_empty(Channel *); ++ ++/* hpn handler */ ++void channel_set_hpn(int, int); + + #endif +--- a/clientloop.c ++++ b/clientloop.c +@@ -1990,9 +1990,15 @@ + sock = x11_connect_display(); + if (sock < 0) + return NULL; ++ /* again is this really necessary for X11? */ ++ if (options.hpn_disabled) + c = channel_new("x11", + SSH_CHANNEL_X11_OPEN, sock, sock, -1, + CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1); ++ else ++ c = channel_new("x11", ++ SSH_CHANNEL_X11_OPEN, sock, sock, -1, ++ options.hpn_buffer_size, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1); + c->force_drain = 1; + return c; + } +@@ -2015,10 +2021,16 @@ + __func__, ssh_err(r)); + return NULL; + } ++ if (options.hpn_disabled) + c = channel_new("authentication agent connection", + SSH_CHANNEL_OPEN, sock, sock, -1, +- CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, ++ CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0, + "authentication agent connection", 1); ++ else ++ c = channel_new("authentication agent connection", ++ SSH_CHANNEL_OPEN, sock, sock, -1, ++ options.hpn_buffer_size, options.hpn_buffer_size, 0, ++ "authentication agent connection", 1); + c->force_drain = 1; + return c; + } +@@ -2045,9 +2057,17 @@ + return -1; + } + ++ if(options.hpn_disabled) + c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1, +- CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1); ++ CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, ++ 0, "tun", 1); ++ else ++ c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1, ++ options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, ++ 0, "tun", 1); + c->datagram = 1; ++ ++ + + #if defined(SSH_TUN_FILTER) + if (options.tun_open == SSH_TUNMODE_POINTOPOINT) +--- a/compat.c ++++ b/compat.c +@@ -40,7 +40,7 @@ + + int compat13 = 0; + int compat20 = 0; +-int datafellows = 0; ++unsigned int datafellows = 0; + + void + enable_compat20(void) +@@ -63,7 +63,7 @@ compat_datafellows(const char *version) + int i; + static struct { + char *pat; +- int bugs; ++ unsigned int bugs; + } check[] = { + { "OpenSSH-2.0*," + "OpenSSH-2.1*," +@@ -210,6 +210,12 @@ compat_datafellows(const char *version) + debug("match: %s pat %s compat 0x%08x", + version, check[i].pat, check[i].bugs); + datafellows = check[i].bugs; /* XXX for now */ ++ /* Check to see if the remote side is OpenSSH and not HPN */ ++ if (strstr(version,"OpenSSH") != NULL && ++ strstr(version,"hpn") == NULL) { ++ datafellows |= SSH_BUG_LARGEWINDOW; ++ debug("Remote is NON-HPN aware"); ++ } + return check[i].bugs; + } + } +diff --git a/compat.h b/compat.h +index 2be290a..453c85e 100644 +--- a/compat.h ++++ b/compat.h +@@ -62,6 +62,7 @@ + #define SSH_BUG_CURVE25519PAD 0x10000000 + #define SSH_BUG_HOSTKEYS 0x20000000 + #define SSH_BUG_DHGEX_LARGE 0x40000000 ++#define SSH_BUG_LARGEWINDOW 0x80000000 + + void enable_compat13(void); + void enable_compat20(void); +@@ -73,5 +74,5 @@ char *compat_kex_proposal(char *); + + extern int compat13; + extern int compat20; +-extern int datafellows; ++extern unsigned int datafellows; + #endif +--- a/readconf.c ++++ b/readconf.c +@@ -154,6 +154,7 @@ + oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts, + oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs, + oPubkeyAuthentication, ++ oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize, + oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, + oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, + oHostKeyAlgorithms, oBindAddress, oPKCS11Provider, +@@ -297,6 +298,11 @@ + { "ignoreunknown", oIgnoreUnknown }, + { "proxyjump", oProxyJump }, + ++ { "tcprcvbufpoll", oTcpRcvBufPoll }, ++ { "tcprcvbuf", oTcpRcvBuf }, ++ { "hpndisabled", oHPNDisabled }, ++ { "hpnbuffersize", oHPNBufferSize }, ++ + { NULL, oBadOption } + }; + +@@ -973,6 +979,18 @@ + intptr = &options->check_host_ip; + goto parse_flag; + ++ case oHPNDisabled: ++ intptr = &options->hpn_disabled; ++ goto parse_flag; ++ ++ case oHPNBufferSize: ++ intptr = &options->hpn_buffer_size; ++ goto parse_int; ++ ++ case oTcpRcvBufPoll: ++ intptr = &options->tcp_rcv_buf_poll; ++ goto parse_flag; ++ + case oVerifyHostKeyDNS: + intptr = &options->verify_host_key_dns; + multistate_ptr = multistate_yesnoask; +@@ -1165,6 +1183,10 @@ + intptr = &options->connection_attempts; + goto parse_int; + ++ case oTcpRcvBuf: ++ intptr = &options->tcp_rcv_buf; ++ goto parse_int; ++ + case oCipher: + intptr = &options->cipher; + arg = strdelim(&s); +@@ -1845,6 +1867,10 @@ + options->ip_qos_interactive = -1; + options->ip_qos_bulk = -1; + options->request_tty = -1; ++ options->hpn_disabled = -1; ++ options->hpn_buffer_size = -1; ++ options->tcp_rcv_buf_poll = -1; ++ options->tcp_rcv_buf = -1; + options->proxy_use_fdpass = -1; + options->ignored_unknown = NULL; + options->num_canonical_domains = 0; +@@ -2008,6 +2034,28 @@ + options->server_alive_interval = 0; + if (options->server_alive_count_max == -1) + options->server_alive_count_max = 3; ++ if (options->hpn_disabled == -1) ++ options->hpn_disabled = 0; ++ if (options->hpn_buffer_size > -1) ++ { ++ /* if a user tries to set the size to 0 set it to 1KB */ ++ if (options->hpn_buffer_size == 0) ++ options->hpn_buffer_size = 1; ++ /*limit the buffer to 64MB*/ ++ if (options->hpn_buffer_size > 64*1024) ++ { ++ options->hpn_buffer_size = 64*1024*1024; ++ debug("User requested buffer larger than 64MB. Request reverted to 64MB"); ++ } ++ else options->hpn_buffer_size *= 1024; ++ debug("hpn_buffer_size set to %d", options->hpn_buffer_size); ++ } ++ if (options->tcp_rcv_buf == 0) ++ options->tcp_rcv_buf = 1; ++ if (options->tcp_rcv_buf > -1) ++ options->tcp_rcv_buf *=1024; ++ if (options->tcp_rcv_buf_poll == -1) ++ options->tcp_rcv_buf_poll = 1; + if (options->control_master == -1) + options->control_master = 0; + if (options->control_persist == -1) { +--- a/readconf.h ++++ b/readconf.h +@@ -57,6 +57,10 @@ typedef struct { + int compression_level; /* Compression level 1 (fast) to 9 + * (best). */ + int tcp_keep_alive; /* Set SO_KEEPALIVE. */ ++ int tcp_rcv_buf; /* user switch to set tcp recv buffer */ ++ int tcp_rcv_buf_poll; /* Option to poll recv buf every window transfer */ ++ int hpn_disabled; /* Switch to disable HPN buffer management */ ++ int hpn_buffer_size; /* User definable size for HPN buffer window */ + int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */ + int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ + LogLevel log_level; /* Level for logging. */ +--- a/scp.c ++++ b/scp.c +@@ -763,7 +763,7 @@ + off_t i, statbytes; + size_t amt, nr; + int fd = -1, haderr, indx; +- char *last, *name, buf[2048], encname[PATH_MAX]; ++ char *last, *name, buf[16384], encname[PATH_MAX]; + int len; + + for (indx = 0; indx < argc; ++indx) { +@@ -931,7 +931,7 @@ + off_t size, statbytes; + unsigned long long ull; + int setimes, targisdir, wrerrno = 0; +- char ch, *cp, *np, *targ, *why, *vect[1], buf[2048], visbuf[2048]; ++ char ch, *cp, *np, *targ, *why, *vect[1], buf[16384], visbuf[16384]; + struct timeval tv[2]; + + #define atime tv[0] +--- a/servconf.c ++++ b/servconf.c +@@ -159,6 +159,9 @@ + options->authorized_principals_file = NULL; + options->authorized_principals_command = NULL; + options->authorized_principals_command_user = NULL; ++ options->tcp_rcv_buf_poll = -1; ++ options->hpn_disabled = -1; ++ options->hpn_buffer_size = -1; + options->ip_qos_interactive = -1; + options->ip_qos_bulk = -1; + options->version_addendum = NULL; +@@ -190,6 +193,7 @@ + void + fill_default_server_options(ServerOptions *options) + { ++ int sock, socksize, socksizelen = sizeof(int); + int i; + + /* Portable-specific options */ +@@ -319,6 +323,41 @@ + } + if (options->permit_tun == -1) + options->permit_tun = SSH_TUNMODE_NO; ++ if (options->hpn_disabled == -1) ++ options->hpn_disabled = 0; ++ ++ if (options->hpn_buffer_size == -1) { ++ /* option not explicitly set. Now we have to figure out */ ++ /* what value to use */ ++ if (options->hpn_disabled == 1) { ++ options->hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT; ++ } else { ++ /* get the current RCV size and set it to that */ ++ /*create a socket but don't connect it */ ++ /* we use that the get the rcv socket size */ ++ sock = socket(AF_INET, SOCK_STREAM, 0); ++ getsockopt(sock, SOL_SOCKET, SO_RCVBUF, ++ &socksize, &socksizelen); ++ close(sock); ++ options->hpn_buffer_size = socksize; ++ debug ("HPN Buffer Size: %d", options->hpn_buffer_size); ++ } ++ } else { ++ /* we have to do this incase the user sets both values in a contradictory */ ++ /* manner. hpn_disabled overrrides hpn_buffer_size*/ ++ if (options->hpn_disabled <= 0) { ++ if (options->hpn_buffer_size == 0) ++ options->hpn_buffer_size = 1; ++ /* limit the maximum buffer to 64MB */ ++ if (options->hpn_buffer_size > 64*1024) { ++ options->hpn_buffer_size = 64*1024*1024; ++ } else { ++ options->hpn_buffer_size *= 1024; ++ } ++ } else ++ options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT; ++ } ++ + if (options->ip_qos_interactive == -1) + options->ip_qos_interactive = IPTOS_LOWDELAY; + if (options->ip_qos_bulk == -1) +@@ -413,6 +452,7 @@ + sHostCertificate, + sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, + sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser, ++ sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize, + sKexAlgorithms, sIPQoS, sVersionAddendum, + sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, + sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, +@@ -548,6 +588,9 @@ + { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, + { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, + { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, ++ { "hpndisabled", sHPNDisabled, SSHCFG_ALL }, ++ { "hpnbuffersize", sHPNBufferSize, SSHCFG_ALL }, ++ { "tcprcvbufpoll", sTcpRcvBufPoll, SSHCFG_ALL }, + { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, + { "ipqos", sIPQoS, SSHCFG_ALL }, + { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL }, +@@ -587,6 +630,7 @@ + + for (i = 0; keywords[i].name; i++) + if (strcasecmp(cp, keywords[i].name) == 0) { ++ debug ("Config token is %s", keywords[i].name); + *flags = keywords[i].flags; + return keywords[i].opcode; + } +@@ -1148,6 +1192,19 @@ + if (*activep && *intptr == -1) + *intptr = value; + break; ++ ++ ++ case sTcpRcvBufPoll: ++ intptr = &options->tcp_rcv_buf_poll; ++ goto parse_flag; ++ ++ case sHPNDisabled: ++ intptr = &options->hpn_disabled; ++ goto parse_flag; ++ ++ case sHPNBufferSize: ++ intptr = &options->hpn_buffer_size; ++ goto parse_int; + + case sIgnoreUserKnownHosts: + intptr = &options->ignore_user_known_hosts; +--- a/servconf.h ++++ b/servconf.h +@@ -166,6 +166,9 @@ + char *adm_forced_command; + + int use_pam; /* Enable auth via PAM */ ++ int tcp_rcv_buf_poll; /* poll tcp rcv window in autotuning kernels*/ ++ int hpn_disabled; /* disable hpn functionality. false by default */ ++ int hpn_buffer_size; /* set the hpn buffer size - default 3MB */ + + int permit_tun; + +--- a/serverloop.c ++++ b/serverloop.c +@@ -526,8 +526,12 @@ + sock = tun_open(tun, mode); + if (sock < 0) + goto done; ++ if (options.hpn_disabled) + c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1, + CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1); ++ else ++ c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1, ++ options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1); + c->datagram = 1; + #if defined(SSH_TUN_FILTER) + if (mode == SSH_TUNMODE_POINTOPOINT) +@@ -563,6 +567,8 @@ + c = channel_new("session", SSH_CHANNEL_LARVAL, + -1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT, + 0, "server-session", 1); ++ if ((options.tcp_rcv_buf_poll) && (!options.hpn_disabled)) ++ c->dynamic_window = 1; + if (session_open(the_authctxt, c->self) != 1) { + debug("session open failed, free channel %d", c->self); + channel_free(c); +--- a/session.c ++++ b/session.c +@@ -220,6 +220,7 @@ + goto authsock_err; + + /* Allocate a channel for the authentication agent socket. */ ++ /* this shouldn't matter if its hpn or not - cjr */ + nc = channel_new("auth socket", + SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1, + CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, +@@ -2121,10 +2122,16 @@ + */ + if (s->chanid == -1) + fatal("no channel for session %d", s->self); ++ if (options.hpn_disabled) + channel_set_fds(s->chanid, + fdout, fdin, fderr, + ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ, + 1, is_tty, CHAN_SES_WINDOW_DEFAULT); ++ else ++ channel_set_fds(s->chanid, ++ fdout, fdin, fderr, ++ ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ, ++ 1, is_tty, options.hpn_buffer_size); + } + + /* +--- a/sftp.1 ++++ b/sftp.1 +@@ -266,7 +266,8 @@ + Specify how many requests may be outstanding at any one time. + Increasing this may slightly improve file transfer speed + but will increase memory usage. +-The default is 64 outstanding requests. ++The default is 256 outstanding requests providing for 8MB ++of outstanding data with a 32KB buffer. + .It Fl r + Recursively copy entire directories when uploading and downloading. + Note that +--- a/sftp.c ++++ b/sftp.c +@@ -72,7 +72,7 @@ + #include "sftp-client.h" + + #define DEFAULT_COPY_BUFLEN 32768 /* Size of buffer for up/download */ +-#define DEFAULT_NUM_REQUESTS 64 /* # concurrent outstanding requests */ ++#define DEFAULT_NUM_REQUESTS 256 /* # concurrent outstanding requests */ + + /* File to read commands from */ + FILE* infile; +--- a/ssh.c ++++ b/ssh.c +@@ -1910,6 +1910,9 @@ + { + Channel *c; + int window, packetmax, in, out, err; ++ int sock; ++ int socksize; ++ int socksizelen = sizeof(int); + + if (stdin_null_flag) { + in = open(_PATH_DEVNULL, O_RDONLY); +@@ -1930,9 +1933,74 @@ + if (!isatty(err)) + set_nonblock(err); + +- window = CHAN_SES_WINDOW_DEFAULT; ++ /* we need to check to see if what they want to do about buffer */ ++ /* sizes here. In a hpn to nonhpn connection we want to limit */ ++ /* the window size to something reasonable in case the far side */ ++ /* has the large window bug. In hpn to hpn connection we want to */ ++ /* use the max window size but allow the user to override it */ ++ /* lastly if they disabled hpn then use the ssh std window size */ ++ ++ /* so why don't we just do a getsockopt() here and set the */ ++ /* ssh window to that? In the case of a autotuning receive */ ++ /* window the window would get stuck at the initial buffer */ ++ /* size generally less than 96k. Therefore we need to set the */ ++ /* maximum ssh window size to the maximum hpn buffer size */ ++ /* unless the user has specifically set the tcprcvbufpoll */ ++ /* to no. In which case we *can* just set the window to the */ ++ /* minimum of the hpn buffer size and tcp receive buffer size */ ++ ++ if (tty_flag) ++ options.hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT; ++ else ++ options.hpn_buffer_size = 2*1024*1024; ++ ++ if (datafellows & SSH_BUG_LARGEWINDOW) ++ { ++ debug("HPN to Non-HPN Connection"); ++ } ++ else ++ { ++ if (options.tcp_rcv_buf_poll <= 0) ++ { ++ sock = socket(AF_INET, SOCK_STREAM, 0); ++ getsockopt(sock, SOL_SOCKET, SO_RCVBUF, ++ &socksize, &socksizelen); ++ close(sock); ++ debug("socksize %d", socksize); ++ options.hpn_buffer_size = socksize; ++ debug ("HPNBufferSize set to TCP RWIN: %d", options.hpn_buffer_size); ++ } ++ else ++ { ++ if (options.tcp_rcv_buf > 0) ++ { ++ /*create a socket but don't connect it */ ++ /* we use that the get the rcv socket size */ ++ sock = socket(AF_INET, SOCK_STREAM, 0); ++ /* if they are using the tcp_rcv_buf option */ ++ /* attempt to set the buffer size to that */ ++ if (options.tcp_rcv_buf) ++ setsockopt(sock, SOL_SOCKET, SO_RCVBUF, (void *)&options.tcp_rcv_buf, ++ sizeof(options.tcp_rcv_buf)); ++ getsockopt(sock, SOL_SOCKET, SO_RCVBUF, ++ &socksize, &socksizelen); ++ close(sock); ++ debug("socksize %d", socksize); ++ options.hpn_buffer_size = socksize; ++ debug ("HPNBufferSize set to user TCPRcvBuf: %d", options.hpn_buffer_size); ++ } ++ } ++ } ++ ++ debug("Final hpn_buffer_size = %d", options.hpn_buffer_size); ++ ++ window = options.hpn_buffer_size; ++ ++ channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size); ++ + packetmax = CHAN_SES_PACKET_DEFAULT; + if (tty_flag) { ++ window = 4*CHAN_SES_PACKET_DEFAULT; + window >>= 1; + packetmax >>= 1; + } +@@ -1941,6 +2009,10 @@ + window, packetmax, CHAN_EXTENDED_WRITE, + "client-session", /*nonblock*/0); + ++ if ((options.tcp_rcv_buf_poll > 0) && (!options.hpn_disabled)) { ++ c->dynamic_window = 1; ++ debug ("Enabled Dynamic Window Scaling"); ++ } + debug3("ssh_session2_open: channel_new: %d", c->self); + + channel_send_open(c->self); +--- a/sshconnect.c ++++ b/sshconnect.c +@@ -267,6 +267,31 @@ + } + + /* ++ * Set TCP receive buffer if requested. ++ * Note: tuning needs to happen after the socket is ++ * created but before the connection happens ++ * so winscale is negotiated properly -cjr ++ */ ++static void ++ssh_set_socket_recvbuf(int sock) ++{ ++ void *buf = (void *)&options.tcp_rcv_buf; ++ int sz = sizeof(options.tcp_rcv_buf); ++ int socksize; ++ int socksizelen = sizeof(int); ++ ++ debug("setsockopt Attempting to set SO_RCVBUF to %d", options.tcp_rcv_buf); ++ if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF, buf, sz) >= 0) { ++ getsockopt(sock, SOL_SOCKET, SO_RCVBUF, &socksize, &socksizelen); ++ debug("setsockopt SO_RCVBUF: %.100s %d", strerror(errno), socksize); ++ } ++ else ++ error("Couldn't set socket receive buffer to %d: %.100s", ++ options.tcp_rcv_buf, strerror(errno)); ++} ++ ++ ++/* + * Creates a (possibly privileged) socket for use as the ssh connection. + */ + static int +@@ -282,6 +307,9 @@ + } + fcntl(sock, F_SETFD, FD_CLOEXEC); + ++ if (options.tcp_rcv_buf > 0) ++ ssh_set_socket_recvbuf(sock); ++ + /* Bind the socket to an alternative local IP address */ + if (options.bind_address == NULL && !privileged) + return sock; +@@ -526,10 +554,10 @@ + /* Send our own protocol version identification. */ + if (compat20) { + xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n", +- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION); ++ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE); + } else { + xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n", +- PROTOCOL_MAJOR_1, minor1, SSH_VERSION); ++ PROTOCOL_MAJOR_1, minor1, SSH_RELEASE); + } + if (atomicio(vwrite, connection_out, client_version_string, + strlen(client_version_string)) != strlen(client_version_string)) +--- a/sshd.c ++++ b/sshd.c +@@ -1020,6 +1020,8 @@ + int ret, listen_sock, on = 1; + struct addrinfo *ai; + char ntop[NI_MAXHOST], strport[NI_MAXSERV]; ++ int socksize; ++ int socksizelen = sizeof(int); + + for (ai = options.listen_addrs; ai; ai = ai->ai_next) { + if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) +@@ -1060,6 +1062,11 @@ + + debug("Bind to port %s on %s.", strport, ntop); + ++ getsockopt(listen_sock, SOL_SOCKET, SO_RCVBUF, ++ &socksize, &socksizelen); ++ debug("Server TCP RWIN socket size: %d", socksize); ++ debug("HPN Buffer Size: %d", options.hpn_buffer_size); ++ + /* Bind the socket to the desired port. */ + if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) { + error("Bind to port %s on %s failed: %.200s.", +@@ -1977,6 +1984,9 @@ + verbose("Connection from %s port %d on %s port %d", + remote_ip, remote_port, laddr, ssh_local_port(ssh)); + free(laddr); ++ ++ /* set the HPN options for the child */ ++ channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size); + + /* + * We don't want to listen forever unless the other side +--- a/sshd_config ++++ b/sshd_config +@@ -99,7 +99,7 @@ + #ClientAliveInterval 0 + #ClientAliveCountMax 3 + #UseDNS no +-#PidFile /var/run/sshd.pid ++#PidFile /run/sshd.pid + #MaxStartups 10:30:100 + #PermitTunnel no + #ChrootDirectory none +@@ -109,7 +109,18 @@ + #Banner none + + # override default of no subsystems +-Subsystem sftp /usr/libexec/sftp-server ++Subsystem sftp /usr/lib/ssh/sftp-server ++ ++# the following are HPN related configuration options ++# tcp receive buffer polling. disable in non autotuning kernels ++#TcpRcvBufPoll yes ++ ++# disable hpn performance boosts ++#HPNDisabled no ++ ++# buffer size for hpn to non-hpn connections ++#HPNBufferSize 2048 ++ + + # Example of overriding settings on a per-user basis + #Match User anoncvs +--- a/version.h ++++ b/version.h +@@ -3,4 +3,5 @@ + #define SSH_VERSION "OpenSSH_7.4" + + #define SSH_PORTABLE "p1" +-#define SSH_RELEASE SSH_VERSION SSH_PORTABLE ++#define SSH_HPN "-hpn14v4" ++#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN diff --git a/system/openssh/openssh7.4-peaktput.patch b/system/openssh/openssh7.4-peaktput.patch new file mode 100644 index 000000000..6fc6140a6 --- /dev/null +++ b/system/openssh/openssh7.4-peaktput.patch @@ -0,0 +1,62 @@ +--- a/progressmeter.c ++++ b/progressmeter.c +@@ -69,6 +69,8 @@ + static off_t start_pos; /* initial position of transfer */ + static off_t end_pos; /* ending position of transfer */ + static off_t cur_pos; /* transfer position as of last refresh */ ++static off_t last_pos; ++static off_t max_delta_pos = 0; + static volatile off_t *counter; /* progress counter */ + static long stalled; /* how long we have been stalled */ + static int bytes_per_second; /* current speed in bytes per second */ +@@ -128,12 +130,17 @@ + int hours, minutes, seconds; + int i, len; + int file_len; ++ off_t delta_pos; + + transferred = *counter - (cur_pos ? cur_pos : start_pos); + cur_pos = *counter; + now = monotime_double(); + bytes_left = end_pos - cur_pos; + ++ delta_pos = cur_pos - last_pos; ++ if (delta_pos > max_delta_pos) ++ max_delta_pos = delta_pos; ++ + if (bytes_left > 0) + elapsed = now - last_update; + else { +@@ -158,7 +165,7 @@ + + /* filename */ + buf[0] = '\0'; +- file_len = win_size - 35; ++ file_len = win_size - 45; + if (file_len > 0) { + len = snprintf(buf, file_len + 1, "\r%s", file); + if (len < 0) +@@ -188,6 +195,15 @@ + (off_t)bytes_per_second); + strlcat(buf, "/s ", win_size); + ++ /* instantaneous rate */ ++ if (bytes_left > 0) ++ format_rate(buf + strlen(buf), win_size - strlen(buf), ++ delta_pos); ++ else ++ format_rate(buf + strlen(buf), win_size - strlen(buf), ++ max_delta_pos); ++ strlcat(buf, "/s ", win_size); ++ + /* ETA */ + if (!transferred) + stalled += elapsed; +@@ -224,6 +240,7 @@ + + atomicio(vwrite, STDOUT_FILENO, buf, win_size - 1); + last_update = now; ++ last_pos = cur_pos; + } + + /*ARGSUSED*/ diff --git a/system/openssh/sftp-interactive.patch b/system/openssh/sftp-interactive.patch new file mode 100644 index 000000000..ab14f3a6b --- /dev/null +++ b/system/openssh/sftp-interactive.patch @@ -0,0 +1,14 @@ +--- a/sftp.c 2014-10-24 10:32:15.793544472 +0500 ++++ b/sftp.c 2014-10-24 10:35:22.329199875 +0500 +@@ -2076,8 +2076,10 @@ + signal(SIGINT, SIG_IGN); + + if (el == NULL) { +- if (interactive) ++ if (interactive) { + printf("sftp> "); ++ fflush(stdout); ++ } + if (fgets(cmd, sizeof(cmd), infile) == NULL) { + if (interactive) + printf("\n"); diff --git a/system/openssh/sshd.confd b/system/openssh/sshd.confd new file mode 100644 index 000000000..dbe01daf5 --- /dev/null +++ b/system/openssh/sshd.confd @@ -0,0 +1,21 @@ +# /etc/conf.d/sshd: config file for /etc/init.d/sshd + +# Where is your sshd_config file stored? + +SSHD_CONFDIR="/etc/ssh" + + +# Any random options you want to pass to sshd. +# See the sshd(8) manpage for more info. + +SSHD_OPTS="" + + +# Pid file to use (needs to be absolute path). + +#SSHD_PIDFILE="/run/sshd.pid" + + +# Path to the sshd binary (needs to be absolute path). + +#SSHD_BINARY="/usr/sbin/sshd" diff --git a/system/openssh/sshd.initd b/system/openssh/sshd.initd new file mode 100755 index 000000000..065519174 --- /dev/null +++ b/system/openssh/sshd.initd @@ -0,0 +1,100 @@ +#!/sbin/openrc-run +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.4,v 1.5 2015/05/04 02:56:25 vapier Exp $ + +description="OpenBSD Secure Shell server" +description_checkconfig="Verify configuration file" +description_reload="Reload configuration" + +extra_commands="checkconfig" +extra_started_commands="reload" + +: ${SSHD_CONFDIR:=/etc/ssh} +: ${SSHD_CONFIG:=${SSHD_CONFDIR}/sshd_config} +: ${SSHD_PIDFILE:=/run/${SVCNAME}.pid} +: ${SSHD_BINARY:=/usr/sbin/sshd} + +depend() { + use logger dns + if [ "${rc_need+set}" = "set" ] ; then + : # Do nothing, the user has explicitly set rc_need + else + local x warn_addr + for x in $(awk '/^ListenAddress/{ print $2 }' "$SSHD_CONFIG" 2>/dev/null) ; do + case "${x}" in + 0.0.0.0|0.0.0.0:*) ;; + ::|\[::\]*) ;; + *) warn_addr="${warn_addr} ${x}" ;; + esac + done + if [ -n "${warn_addr}" ] ; then + need net + ewarn "You are binding an interface in ListenAddress statement in your sshd_config!" + ewarn "You must add rc_need=\"net.FOO\" to your /etc/conf.d/sshd" + ewarn "where FOO is the interface(s) providing the following address(es):" + ewarn "${warn_addr}" + fi + fi +} + +checkconfig() { + if [ ! -d /var/empty ] ; then + mkdir -p /var/empty || return 1 + fi + + if [ ! -e "${SSHD_CONFIG}" ] ; then + eerror "You need an ${SSHD_CONFIG} file to run sshd" + eerror "There is a sample file in /usr/share/doc/openssh" + return 1 + fi + + if ! yesno "${SSHD_DISABLE_KEYGEN}"; then + ssh-keygen -A || return 1 + fi + + [ "${SSHD_PIDFILE}" != "/run/sshd.pid" ] \ + && SSHD_OPTS="${SSHD_OPTS} -o PidFile=${SSHD_PIDFILE}" + [ "${SSHD_CONFIG}" != "/etc/ssh/sshd_config" ] \ + && SSHD_OPTS="${SSHD_OPTS} -f ${SSHD_CONFIG}" + + "${SSHD_BINARY}" -t ${SSHD_OPTS} || return 1 +} + +start() { + checkconfig || return 1 + + ebegin "Starting ${SVCNAME}" + start-stop-daemon --start --exec "${SSHD_BINARY}" \ + --pidfile "${SSHD_PIDFILE}" \ + -- ${SSHD_OPTS} + eend $? +} + +stop() { + if [ "${RC_CMD}" = "restart" ] ; then + checkconfig || return 1 + fi + + ebegin "Stopping ${SVCNAME}" + start-stop-daemon --stop --exec "${SSHD_BINARY}" \ + --pidfile "${SSHD_PIDFILE}" --quiet + eend $? + + if [ "$RC_RUNLEVEL" = "shutdown" ]; then + _sshd_pids=$(pgrep "${SSHD_BINARY##*/}") + if [ -n "$_sshd_pids" ]; then + ebegin "Shutting down ssh connections" + kill -TERM $_sshd_pids >/dev/null 2>&1 + eend 0 + fi + fi +} + +reload() { + checkconfig || return 1 + ebegin "Reloading ${SVCNAME}" + start-stop-daemon --signal HUP \ + --exec "${SSHD_BINARY}" --pidfile "${SSHD_PIDFILE}" + eend $? +} diff --git a/system/openssl/0002-busybox-basename.patch b/system/openssl/0002-busybox-basename.patch new file mode 100644 index 000000000..9bbc284f3 --- /dev/null +++ b/system/openssl/0002-busybox-basename.patch @@ -0,0 +1,34 @@ +From c276ddc394dd402327603959271eac63a2e1ec1c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> +Date: Thu, 5 Feb 2015 08:40:00 +0200 +Subject: [PATCH] busybox basename + +--- + Makefile.org | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/Makefile.org b/Makefile.org +index b7a3f96..035fa83 100644 +--- a/Makefile.org ++++ b/Makefile.org +@@ -649,7 +649,7 @@ install_docs: + filecase=-i; \ + esac; \ + set -e; for i in doc/apps/*.pod; do \ +- fn=`basename $$i .pod`; \ ++ fn=`basename $$i .pod || true`; \ + sec=`$(PERL) util/extract-section.pl 1 < $$i`; \ + echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ + (cd `$(PERL) util/dirname.pl $$i`; \ +@@ -666,7 +666,7 @@ install_docs: + done); \ + done; \ + set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \ +- fn=`basename $$i .pod`; \ ++ fn=`basename $$i .pod || true`; \ + sec=`$(PERL) util/extract-section.pl 3 < $$i`; \ + echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ + (cd `$(PERL) util/dirname.pl $$i`; \ +-- +2.2.2 + diff --git a/system/openssl/0003-use-termios.patch b/system/openssl/0003-use-termios.patch new file mode 100644 index 000000000..3312d1856 --- /dev/null +++ b/system/openssl/0003-use-termios.patch @@ -0,0 +1,26 @@ +From 5caf1bdcdb56358c0ce38ef404fedbe323e66cb9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> +Date: Thu, 5 Feb 2015 08:40:32 +0200 +Subject: [PATCH] use termios + +--- + crypto/ui/ui_openssl.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c +index 8bda83c..a89b5f2 100644 +--- a/crypto/ui/ui_openssl.c ++++ b/crypto/ui/ui_openssl.c +@@ -224,6 +224,9 @@ + # undef SGTTY + #endif + ++#define TERMIOS ++#undef TERMIO ++ + #ifdef TERMIOS + # include <termios.h> + # define TTY_STRUCT struct termios +-- +2.2.2 + diff --git a/system/openssl/0004-fix-default-ca-path-for-apps.patch b/system/openssl/0004-fix-default-ca-path-for-apps.patch new file mode 100644 index 000000000..c2c53184a --- /dev/null +++ b/system/openssl/0004-fix-default-ca-path-for-apps.patch @@ -0,0 +1,79 @@ +From 09e6425ad6927a825b077af85c50b2fb04773757 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> +Date: Thu, 5 Feb 2015 08:52:05 +0200 +Subject: [PATCH] fix default ca path for apps + +--- + apps/s_server.c | 22 ++++++++++++++-------- + apps/s_time.c | 13 ++++++------- + 3 files changed, 26 insertions(+), 22 deletions(-) + +diff --git a/apps/s_server.c b/apps/s_server.c +index baa2455..2d5dc97 100644 +--- a/apps/s_server.c ++++ b/apps/s_server.c +@@ -1770,12 +1770,14 @@ int MAIN(int argc, char *argv[]) + } + #endif + +- if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) || +- (!SSL_CTX_set_default_verify_paths(ctx))) { +- /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */ +- ERR_print_errors(bio_err); +- /* goto end; */ ++ if (CAfile == NULL && CApath == NULL) { ++ if (!SSL_CTX_set_default_verify_paths(ctx)) ++ ERR_print_errors(bio_err); ++ } else { ++ if (!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ++ ERR_print_errors(bio_err); + } ++ + if (vpm) + SSL_CTX_set1_param(ctx, vpm); + +@@ -1838,10 +1840,14 @@ int MAIN(int argc, char *argv[]) + else + SSL_CTX_sess_set_cache_size(ctx2, 128); + +- if ((!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) || +- (!SSL_CTX_set_default_verify_paths(ctx2))) { +- ERR_print_errors(bio_err); ++ if (CAfile == NULL && CApath == NULL) { ++ if (!SSL_CTX_set_default_verify_paths(ctx2)) ++ ERR_print_errors(bio_err); ++ } else { ++ if (!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) ++ ERR_print_errors(bio_err); + } ++ + if (vpm) + SSL_CTX_set1_param(ctx2, vpm); + +diff --git a/apps/s_time.c b/apps/s_time.c +index 5846f3a..c8f371a 100644 +--- a/apps/s_time.c ++++ b/apps/s_time.c +@@ -377,13 +377,12 @@ int MAIN(int argc, char **argv) + + SSL_load_error_strings(); + +- if ((!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath)) || +- (!SSL_CTX_set_default_verify_paths(tm_ctx))) { +- /* +- * BIO_printf(bio_err,"error setting default verify locations\n"); +- */ +- ERR_print_errors(bio_err); +- /* goto end; */ ++ if (CAfile == NULL && CApath == NULL) { ++ if (!SSL_CTX_set_default_verify_paths(tm_ctx)) ++ ERR_print_errors(bio_err); ++ } else { ++ if (!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath)) ++ ERR_print_errors(bio_err); + } + + if (tm_cipher == NULL) +-- +2.2.2 + diff --git a/system/openssl/0005-fix-parallel-build.patch b/system/openssl/0005-fix-parallel-build.patch new file mode 100644 index 000000000..70073fd19 --- /dev/null +++ b/system/openssl/0005-fix-parallel-build.patch @@ -0,0 +1,349 @@ +diff -ru openssl-1.0.2a.orig/Makefile.org openssl-1.0.2a/Makefile.org +--- openssl-1.0.2d.orig/Makefile.org 2015-07-09 16:30:50.201986573 -0300 ++++ openssl-1.0.2d/Makefile.org 2015-07-09 16:30:50.201986573 -0300 +@@ -278,17 +278,17 @@ + build_libssl: build_ssl libssl.pc + + build_crypto: +- @dir=crypto; target=all; $(BUILD_ONE_CMD) ++ +@dir=crypto; target=all; $(BUILD_ONE_CMD) + build_ssl: build_crypto +- @dir=ssl; target=all; $(BUILD_ONE_CMD) ++ +@dir=ssl; target=all; $(BUILD_ONE_CMD) + build_engines: build_crypto +- @dir=engines; target=all; $(BUILD_ONE_CMD) ++ +@dir=engines; target=all; $(BUILD_ONE_CMD) + build_apps: build_libs +- @dir=apps; target=all; $(BUILD_ONE_CMD) ++ +@dir=apps; target=all; $(BUILD_ONE_CMD) + build_tests: build_libs +- @dir=test; target=all; $(BUILD_ONE_CMD) ++ +@dir=test; target=all; $(BUILD_ONE_CMD) + build_tools: build_libs +- @dir=tools; target=all; $(BUILD_ONE_CMD) ++ +@dir=tools; target=all; $(BUILD_ONE_CMD) + + all_testapps: build_libs build_testapps + build_testapps: +@@ -536,9 +536,9 @@ + dist_pem_h: + (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) + +-install: all install_docs install_sw ++install: install_docs install_sw + +-install_sw: ++install_dirs: + @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ +@@ -547,12 +547,19 @@ + $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ + $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ + $(INSTALL_PREFIX)$(OPENSSLDIR)/private ++ @$(PERL) $(TOP)/util/mkdir-p.pl \ ++ $(INSTALL_PREFIX)$(MANDIR)/man1 \ ++ $(INSTALL_PREFIX)$(MANDIR)/man3 \ ++ $(INSTALL_PREFIX)$(MANDIR)/man5 \ ++ $(INSTALL_PREFIX)$(MANDIR)/man7 ++ ++install_sw: install_dirs + @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; +- @set -e; target=install; $(RECURSIVE_BUILD_CMD) ++ +@set -e; target=install; $(RECURSIVE_BUILD_CMD) + @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ + do \ + if [ -f "$$i" ]; then \ +@@ -636,12 +643,7 @@ + done; \ + done + +-install_docs: +- @$(PERL) $(TOP)/util/mkdir-p.pl \ +- $(INSTALL_PREFIX)$(MANDIR)/man1 \ +- $(INSTALL_PREFIX)$(MANDIR)/man3 \ +- $(INSTALL_PREFIX)$(MANDIR)/man5 \ +- $(INSTALL_PREFIX)$(MANDIR)/man7 ++install_docs: install_dirs + @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \ + here="`pwd`"; \ + filecase=; \ +diff -ru openssl-1.0.2a.orig/Makefile.shared openssl-1.0.2a/Makefile.shared +--- openssl-1.0.2a.orig/Makefile.shared 2015-01-20 12:33:36.000000000 +0000 ++++ openssl-1.0.2a/Makefile.shared 2015-03-19 14:53:31.246908039 +0000 +@@ -105,6 +105,7 @@ + SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ + LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ + LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ ++ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \ + LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ + $${SHAREDCMD} $${SHAREDFLAGS} \ + -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ +@@ -122,6 +123,7 @@ + done; \ + fi; \ + if [ -n "$$SHLIB_SOVER" ]; then \ ++ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \ + ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \ + ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \ + fi; \ +diff -ru openssl-1.0.2a.orig/crypto/Makefile openssl-1.0.2a/crypto/Makefile +--- openssl-1.0.2a.orig/crypto/Makefile 2015-03-19 13:31:02.000000000 +0000 ++++ openssl-1.0.2a/crypto/Makefile 2015-03-19 14:53:31.246908039 +0000 +@@ -85,11 +85,11 @@ + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + + subdirs: +- @target=all; $(RECURSIVE_MAKE) ++ +@target=all; $(RECURSIVE_MAKE) + + files: + $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO +- @target=files; $(RECURSIVE_MAKE) ++ +@target=files; $(RECURSIVE_MAKE) + + links: + @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) +@@ -100,7 +100,7 @@ + # lib: $(LIB): are splitted to avoid end-less loop + lib: $(LIB) + @touch lib +-$(LIB): $(LIBOBJ) ++$(LIB): $(LIBOBJ) | subdirs + $(AR) $(LIB) $(LIBOBJ) + test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o + $(RANLIB) $(LIB) || echo Never mind. +@@ -111,7 +111,7 @@ + fi + + libs: +- @target=lib; $(RECURSIVE_MAKE) ++ +@target=lib; $(RECURSIVE_MAKE) + + install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... +@@ -120,7 +120,7 @@ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; +- @target=install; $(RECURSIVE_MAKE) ++ +@target=install; $(RECURSIVE_MAKE) + + lint: + @target=lint; $(RECURSIVE_MAKE) +diff -ru openssl-1.0.2a.orig/engines/Makefile openssl-1.0.2a/engines/Makefile +--- openssl-1.0.2a.orig/engines/Makefile 2015-03-19 13:31:14.000000000 +0000 ++++ openssl-1.0.2a/engines/Makefile 2015-03-19 14:53:31.246908039 +0000 +@@ -72,7 +72,7 @@ + + all: lib subdirs + +-lib: $(LIBOBJ) ++lib: $(LIBOBJ) | subdirs + @if [ -n "$(SHARED_LIBS)" ]; then \ + set -e; \ + for l in $(LIBNAMES); do \ +@@ -89,7 +89,7 @@ + + subdirs: + echo $(EDIRS) +- @target=all; $(RECURSIVE_MAKE) ++ +@target=all; $(RECURSIVE_MAKE) + + files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO +@@ -128,7 +128,7 @@ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ + done; \ + fi +- @target=install; $(RECURSIVE_MAKE) ++ +@target=install; $(RECURSIVE_MAKE) + + tags: + ctags $(SRC) +diff -ru openssl-1.0.2a.orig/test/Makefile openssl-1.0.2a/test/Makefile +--- openssl-1.0.2a.orig/test/Makefile 2015-03-19 13:31:16.000000000 +0000 ++++ openssl-1.0.2a/test/Makefile 2015-03-19 14:55:44.146017128 +0000 +@@ -133,7 +133,7 @@ + tags: + ctags $(SRC) + +-tests: exe apps $(TESTS) ++tests: exe $(TESTS) + + apps: + @(cd ..; $(MAKE) DIRS=apps all) +@@ -402,121 +402,121 @@ + link_app.$${shlib_target} + + $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) +- @target=$(RSATEST); $(BUILD_CMD) ++ +@target=$(RSATEST); $(BUILD_CMD) + + $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO) +- @target=$(BNTEST); $(BUILD_CMD) ++ +@target=$(BNTEST); $(BUILD_CMD) + + $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO) +- @target=$(ECTEST); $(BUILD_CMD) ++ +@target=$(ECTEST); $(BUILD_CMD) + + $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO) +- @target=$(EXPTEST); $(BUILD_CMD) ++ +@target=$(EXPTEST); $(BUILD_CMD) + + $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO) +- @target=$(IDEATEST); $(BUILD_CMD) ++ +@target=$(IDEATEST); $(BUILD_CMD) + + $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO) +- @target=$(MD2TEST); $(BUILD_CMD) ++ +@target=$(MD2TEST); $(BUILD_CMD) + + $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO) +- @target=$(SHATEST); $(BUILD_CMD) ++ +@target=$(SHATEST); $(BUILD_CMD) + + $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO) +- @target=$(SHA1TEST); $(BUILD_CMD) ++ +@target=$(SHA1TEST); $(BUILD_CMD) + + $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO) +- @target=$(SHA256TEST); $(BUILD_CMD) ++ +@target=$(SHA256TEST); $(BUILD_CMD) + + $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO) +- @target=$(SHA512TEST); $(BUILD_CMD) ++ +@target=$(SHA512TEST); $(BUILD_CMD) + + $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO) +- @target=$(RMDTEST); $(BUILD_CMD) ++ +@target=$(RMDTEST); $(BUILD_CMD) + + $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO) +- @target=$(MDC2TEST); $(BUILD_CMD) ++ +@target=$(MDC2TEST); $(BUILD_CMD) + + $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO) +- @target=$(MD4TEST); $(BUILD_CMD) ++ +@target=$(MD4TEST); $(BUILD_CMD) + + $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO) +- @target=$(MD5TEST); $(BUILD_CMD) ++ +@target=$(MD5TEST); $(BUILD_CMD) + + $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO) +- @target=$(HMACTEST); $(BUILD_CMD) ++ +@target=$(HMACTEST); $(BUILD_CMD) + + $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO) +- @target=$(WPTEST); $(BUILD_CMD) ++ +@target=$(WPTEST); $(BUILD_CMD) + + $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO) +- @target=$(RC2TEST); $(BUILD_CMD) ++ +@target=$(RC2TEST); $(BUILD_CMD) + + $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO) +- @target=$(BFTEST); $(BUILD_CMD) ++ +@target=$(BFTEST); $(BUILD_CMD) + + $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO) +- @target=$(CASTTEST); $(BUILD_CMD) ++ +@target=$(CASTTEST); $(BUILD_CMD) + + $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO) +- @target=$(RC4TEST); $(BUILD_CMD) ++ +@target=$(RC4TEST); $(BUILD_CMD) + + $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO) +- @target=$(RC5TEST); $(BUILD_CMD) ++ +@target=$(RC5TEST); $(BUILD_CMD) + + $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO) +- @target=$(DESTEST); $(BUILD_CMD) ++ +@target=$(DESTEST); $(BUILD_CMD) + + $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO) +- @target=$(RANDTEST); $(BUILD_CMD) ++ +@target=$(RANDTEST); $(BUILD_CMD) + + $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO) +- @target=$(DHTEST); $(BUILD_CMD) ++ +@target=$(DHTEST); $(BUILD_CMD) + + $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO) +- @target=$(DSATEST); $(BUILD_CMD) ++ +@target=$(DSATEST); $(BUILD_CMD) + + $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO) +- @target=$(METHTEST); $(BUILD_CMD) ++ +@target=$(METHTEST); $(BUILD_CMD) + + $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) +- @target=$(SSLTEST); $(FIPS_BUILD_CMD) ++ +@target=$(SSLTEST); $(FIPS_BUILD_CMD) + + $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO) +- @target=$(ENGINETEST); $(BUILD_CMD) ++ +@target=$(ENGINETEST); $(BUILD_CMD) + + $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO) +- @target=$(EVPTEST); $(BUILD_CMD) ++ +@target=$(EVPTEST); $(BUILD_CMD) + + $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO) +- @target=$(EVPEXTRATEST); $(BUILD_CMD) ++ +@target=$(EVPEXTRATEST); $(BUILD_CMD) + + $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO) +- @target=$(ECDSATEST); $(BUILD_CMD) ++ +@target=$(ECDSATEST); $(BUILD_CMD) + + $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO) +- @target=$(ECDHTEST); $(BUILD_CMD) ++ +@target=$(ECDHTEST); $(BUILD_CMD) + + $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO) +- @target=$(IGETEST); $(BUILD_CMD) ++ +@target=$(IGETEST); $(BUILD_CMD) + + $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO) +- @target=$(JPAKETEST); $(BUILD_CMD) ++ +@target=$(JPAKETEST); $(BUILD_CMD) + + $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO) +- @target=$(ASN1TEST); $(BUILD_CMD) ++ +@target=$(ASN1TEST); $(BUILD_CMD) + + $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO) +- @target=$(SRPTEST); $(BUILD_CMD) ++ +@target=$(SRPTEST); $(BUILD_CMD) + + $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO) +- @target=$(V3NAMETEST); $(BUILD_CMD) ++ +@target=$(V3NAMETEST); $(BUILD_CMD) + + $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO) +- @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC) ++ +@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC) + + $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o +- @target=$(CONSTTIMETEST) $(BUILD_CMD) ++ +@target=$(CONSTTIMETEST) $(BUILD_CMD) + + #$(AESTEST).o: $(AESTEST).c + # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c +@@ -529,7 +529,7 @@ + # fi + + dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) +- @target=dummytest; $(BUILD_CMD) ++ +@target=dummytest; $(BUILD_CMD) + + # DO NOT DELETE THIS LINE -- make depend depends on it. + diff --git a/system/openssl/0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch b/system/openssl/0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch new file mode 100644 index 000000000..daa6df02f --- /dev/null +++ b/system/openssl/0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch @@ -0,0 +1,68 @@ +From 4785c095dbfb3630ddf6685f23e3a19c7c804cbc Mon Sep 17 00:00:00 2001 +From: William Pitcock <nenolod@dereferenced.org> +Date: Thu, 5 Feb 2015 09:02:00 +0200 +Subject: [PATCH] add ircv3 tls-3.1 extension support to s_client + +--- + apps/s_client.c | 24 ++++++++++++++++++++++-- + 1 file changed, 22 insertions(+), 2 deletions(-) + +diff --git a/apps/s_client.c b/apps/s_client.c +index 8aee02a..0a28b89 100644 +--- a/apps/s_client.c ++++ b/apps/s_client.c +@@ -401,7 +401,7 @@ static void sc_usage(void) + BIO_printf(bio_err, + " 'prot' defines which one to assume. Currently,\n"); + BIO_printf(bio_err, +- " only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n"); ++ " only \"smtp\", \"pop3\", \"imap\", \"ftp\", \"xmpp\" and \"ircv3\"\n"); + BIO_printf(bio_err, " are supported.\n"); + #ifndef OPENSSL_NO_ENGINE + BIO_printf(bio_err, +@@ -640,7 +640,8 @@ enum { + PROTO_POP3, + PROTO_IMAP, + PROTO_FTP, +- PROTO_XMPP ++ PROTO_XMPP, ++ PROTO_IRCV3, + }; + + int MAIN(int, char **); +@@ -1062,6 +1063,8 @@ int MAIN(int argc, char **argv) + starttls_proto = PROTO_FTP; + else if (strcmp(*argv, "xmpp") == 0) + starttls_proto = PROTO_XMPP; ++ else if (strcmp(*argv, "ircv3") == 0) ++ starttls_proto = PROTO_IRCV3; + else + goto bad; + } +@@ -1646,6 +1649,23 @@ int MAIN(int argc, char **argv) + goto shut; + mbuf[0] = 0; + } ++ if (starttls_proto == PROTO_IRCV3) { ++ int seen = 0; ++ BIO_printf(sbio,"CAP REQ :tls\r\n"); ++ ++ while (!strstr(mbuf,"CAP")) { ++ seen = BIO_read(sbio,mbuf,BUFSIZZ); ++ mbuf[seen] = 0; ++ } ++ if (!strstr(mbuf,"ACK")) ++ goto shut; ++ BIO_printf(sbio,"CAP END\r\nSTARTTLS\r\n"); ++ while (!strstr(sbuf, "670")) { ++ seen = BIO_read(sbio,sbuf,BUFSIZZ); ++ sbuf[seen] = 0; ++ } ++ mbuf[0] = 0; ++ } + + for (;;) { + FD_ZERO(&readfds); +-- +2.2.2 + diff --git a/system/openssl/0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch b/system/openssl/0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch new file mode 100644 index 000000000..ff3d25eff --- /dev/null +++ b/system/openssl/0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch @@ -0,0 +1,27 @@ +From 7457e26d3a78c7cd923242d87d04febadddea086 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> +Date: Thu, 5 Feb 2015 10:06:31 +0200 +Subject: [PATCH] maintain abi compat with no-freelist and regular build + +--- + ssl/ssl.h | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/ssl/ssl.h b/ssl/ssl.h +index 2b0f662..636cb5d 100644 +--- a/ssl/ssl.h ++++ b/ssl/ssl.h +@@ -1113,6 +1113,10 @@ struct ssl_ctx_st { + unsigned int freelist_max_len; + struct ssl3_buf_freelist_st *wbuf_freelist; + struct ssl3_buf_freelist_st *rbuf_freelist; ++# else ++ unsigned int freelist_dummy0; ++ void *freelist_dummy1; ++ void *freelist_dummy2; + # endif + # ifndef OPENSSL_NO_SRP + SRP_CTX srp_ctx; /* ctx for SRP authentication */ +-- +2.2.2 + diff --git a/system/openssl/0009-no-rpath.patch b/system/openssl/0009-no-rpath.patch new file mode 100644 index 000000000..56df75b79 --- /dev/null +++ b/system/openssl/0009-no-rpath.patch @@ -0,0 +1,11 @@ +--- a/Makefile.shared 2005-06-23 22:47:54.000000000 +0200 ++++ b/Makefile.shared 2005-11-16 22:35:37.000000000 +0100 +@@ -153,7 +153,7 @@ + NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" + +-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)" ++DO_GNU_APP=LDFLAGS="$(CFLAGS)" + + #This is rather special. It's a special target with which one can link + #applications without bothering with any features that have anything to diff --git a/system/openssl/0010-ssl-env-zlib.patch b/system/openssl/0010-ssl-env-zlib.patch new file mode 100644 index 000000000..9eae15d72 --- /dev/null +++ b/system/openssl/0010-ssl-env-zlib.patch @@ -0,0 +1,38 @@ +diff -ru openssl-1.0.2a.orig/doc/ssl/SSL_COMP_add_compression_method.pod openssl-1.0.2a/doc/ssl/SSL_COMP_add_compression_method.pod +--- openssl-1.0.2a.orig/doc/ssl/SSL_COMP_add_compression_method.pod 2015-01-15 16:43:14.000000000 -0200 ++++ openssl-1.0.2a/doc/ssl/SSL_COMP_add_compression_method.pod 2015-03-27 15:18:47.280054883 -0200 +@@ -47,6 +47,13 @@ + been standardized, the compression API will most likely be changed. Using + it in the current state is not recommended. + ++It is also not recommended to use compression if data transfered contain ++untrusted parts that can be manipulated by an attacker as he could then ++get information about the encrypted data. See the CRIME attack. For ++that reason the default loading of the zlib compression method is ++disabled and enabled only if the environment variable B<OPENSSL_DEFAULT_ZLIB> ++is present during the library initialization. ++ + =head1 RETURN VALUES + + SSL_COMP_add_compression_method() may return the following values: +diff -ru openssl-1.0.2a.orig/ssl/ssl_ciph.c openssl-1.0.2a/ssl/ssl_ciph.c +--- openssl-1.0.2a.orig/ssl/ssl_ciph.c 2015-03-19 15:30:36.000000000 -0200 ++++ openssl-1.0.2a/ssl/ssl_ciph.c 2015-03-27 15:23:05.960057092 -0200 +@@ -141,6 +141,8 @@ + */ + + #include <stdio.h> ++#include <stdlib.h> ++#include <sys/auxv.h> + #include <openssl/objects.h> + #ifndef OPENSSL_NO_COMP + # include <openssl/comp.h> +@@ -481,7 +483,7 @@ + + MemCheck_off(); + ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp); +- if (ssl_comp_methods != NULL) { ++ if (ssl_comp_methods != NULL && getauxval(AT_SECURE) == 0 && getenv("OPENSSL_DEFAULT_ZLIB") != NULL) { + comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); + if (comp != NULL) { + comp->method = COMP_zlib(); diff --git a/system/openssl/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch b/system/openssl/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch new file mode 100644 index 000000000..ef46faa84 --- /dev/null +++ b/system/openssl/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch @@ -0,0 +1,88 @@ +From 83c96cbc76604daccbc31cea9411555aea96fd6d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> +Date: Thu, 5 Feb 2015 09:16:51 +0200 +Subject: [PATCH] crypto/hmac: support EVP_MD_CTX_FLAG_ONESHOT and set it + properly + +Some engines (namely VIA C7 Padlock) work only if EVP_MD_CTX_FLAG_ONESHOT +is set before final update. This is because some crypto accelerators cannot +perform non-finalizing transform of the digest. + +The usage of EVP_MD_CTX_FLAG_ONESHOT is used semantically slightly +differently here. It is set before the final EVP_DigestUpdate call, not +necessarily before EVP_DigestInit call. This will not cause any problems +though. +--- + crypto/hmac/hmac.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c +index 1fc9e2c..6f16578 100644 +--- a/crypto/hmac/hmac.c ++++ b/crypto/hmac/hmac.c +@@ -109,7 +109,8 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, + j = EVP_MD_block_size(md); + OPENSSL_assert(j <= (int)sizeof(ctx->key)); + if (j < len) { +- if (!EVP_DigestInit_ex(&ctx->md_ctx, md, impl)) ++ EVP_MD_CTX_set_flags(&ctx->md_ctx, EVP_MD_CTX_FLAG_ONESHOT); ++ if (!EVP_DigestInit_ex(&ctx->md_ctx, md, impl)) + goto err; + if (!EVP_DigestUpdate(&ctx->md_ctx, key, len)) + goto err; +@@ -129,6 +130,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, + if (reset) { + for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++) + pad[i] = 0x36 ^ ctx->key[i]; ++ EVP_MD_CTX_clear_flags(&ctx->i_ctx, EVP_MD_CTX_FLAG_ONESHOT); + if (!EVP_DigestInit_ex(&ctx->i_ctx, md, impl)) + goto err; + if (!EVP_DigestUpdate(&ctx->i_ctx, pad, EVP_MD_block_size(md))) +@@ -136,6 +138,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, + + for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++) + pad[i] = 0x5c ^ ctx->key[i]; ++ EVP_MD_CTX_clear_flags(&ctx->o_ctx, EVP_MD_CTX_FLAG_ONESHOT); + if (!EVP_DigestInit_ex(&ctx->o_ctx, md, impl)) + goto err; + if (!EVP_DigestUpdate(&ctx->o_ctx, pad, EVP_MD_block_size(md))) +@@ -143,6 +146,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, + } + if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->i_ctx)) + goto err; ++ EVP_MD_CTX_clear_flags(&ctx->md_ctx, EVP_MD_CTX_FLAG_ONESHOT); + return 1; + err: + return 0; +@@ -177,6 +181,7 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) + goto err; + if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx)) + goto err; ++ EVP_MD_CTX_set_flags(&ctx->md_ctx,EVP_MD_CTX_FLAG_ONESHOT); + if (!EVP_DigestUpdate(&ctx->md_ctx, buf, i)) + goto err; + if (!EVP_DigestFinal_ex(&ctx->md_ctx, md, len)) +@@ -233,8 +238,9 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, + if (md == NULL) + md = m; + HMAC_CTX_init(&c); +- if (!HMAC_Init(&c, key, key_len, evp_md)) ++ if (!HMAC_Init_ex(&c, key, key_len, evp_md, NULL)) + goto err; ++ HMAC_CTX_set_flags(&c,EVP_MD_CTX_FLAG_ONESHOT); + if (!HMAC_Update(&c, d, n)) + goto err; + if (!HMAC_Final(&c, md, md_len)) +@@ -247,7 +253,7 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, + + void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) + { +- EVP_MD_CTX_set_flags(&ctx->i_ctx, flags); +- EVP_MD_CTX_set_flags(&ctx->o_ctx, flags); ++ EVP_MD_CTX_set_flags(&ctx->i_ctx, flags & ~EVP_MD_CTX_FLAG_ONESHOT); ++ EVP_MD_CTX_set_flags(&ctx->o_ctx, flags & ~EVP_MD_CTX_FLAG_ONESHOT); + EVP_MD_CTX_set_flags(&ctx->md_ctx, flags); + } +-- +2.2.2 + diff --git a/system/openssl/1002-backport-changes-from-upstream-padlock-module.patch b/system/openssl/1002-backport-changes-from-upstream-padlock-module.patch new file mode 100644 index 000000000..f63bbcd1c --- /dev/null +++ b/system/openssl/1002-backport-changes-from-upstream-padlock-module.patch @@ -0,0 +1,200 @@ +From ba17588a940ee712c3ef6d458adb1087f0c84521 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> +Date: Thu, 5 Feb 2015 09:28:10 +0200 +Subject: [PATCH] backport changes from upstream padlock module. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Includes support for VIA Nano 64-bit mode. + +Signed-off-by: Timo Teräs <timo.teras@iki.fi> +--- + engines/e_padlock.c | 142 +++++++++++++++++++++++++++++++++++++++++++++------- + 1 file changed, 125 insertions(+), 17 deletions(-) + +diff --git a/engines/e_padlock.c b/engines/e_padlock.c +index 2898e4c..94406cb 100644 +--- a/engines/e_padlock.c ++++ b/engines/e_padlock.c +@@ -101,7 +101,10 @@ + */ + # undef COMPILE_HW_PADLOCK + # if !defined(I386_ONLY) && !defined(OPENSSL_NO_INLINE_ASM) +-# if (defined(__GNUC__) && (defined(__i386__) || defined(__i386))) || \ ++# if (defined(__GNUC__) && __GNUC__>=2 && \ ++ (defined(__i386__) || defined(__i386) || \ ++ defined(__x86_64__) || defined(__x86_64)) \ ++ ) || \ + (defined(_MSC_VER) && defined(_M_IX86)) + # define COMPILE_HW_PADLOCK + # endif +@@ -303,6 +306,7 @@ static volatile struct padlock_cipher_data *padlock_saved_context; + * ======================================================= + */ + # if defined(__GNUC__) && __GNUC__>=2 ++# if defined(__i386__) || defined(__i386) + /* + * As for excessive "push %ebx"/"pop %ebx" found all over. + * When generating position-independent code GCC won't let +@@ -379,22 +383,6 @@ static int padlock_available(void) + return padlock_use_ace + padlock_use_rng; + } + +-# ifndef OPENSSL_NO_AES +-# ifndef AES_ASM +-/* Our own htonl()/ntohl() */ +-static inline void padlock_bswapl(AES_KEY *ks) +-{ +- size_t i = sizeof(ks->rd_key) / sizeof(ks->rd_key[0]); +- unsigned int *key = ks->rd_key; +- +- while (i--) { +- asm volatile ("bswapl %0":"+r" (*key)); +- key++; +- } +-} +-# endif +-# endif +- + /* + * Force key reload from memory to the CPU microcode. Loading EFLAGS from the + * stack clears EFLAGS[30] which does the trick. +@@ -448,6 +436,110 @@ static inline void *name(size_t cnt, \ + : "edx", "cc", "memory"); \ + return iv; \ + } ++#endif ++ ++#elif defined(__x86_64__) || defined(__x86_64) ++ ++/* Load supported features of the CPU to see if ++ the PadLock is available. */ ++static int ++padlock_available(void) ++{ ++ char vendor_string[16]; ++ unsigned int eax, edx; ++ ++ /* Are we running on the Centaur (VIA) CPU? */ ++ eax = 0x00000000; ++ vendor_string[12] = 0; ++ asm volatile ( ++ "cpuid\n" ++ "movl %%ebx,(%1)\n" ++ "movl %%edx,4(%1)\n" ++ "movl %%ecx,8(%1)\n" ++ : "+a"(eax) : "r"(vendor_string) : "rbx", "rcx", "rdx"); ++ if (strcmp(vendor_string, "CentaurHauls") != 0) ++ return 0; ++ ++ /* Check for Centaur Extended Feature Flags presence */ ++ eax = 0xC0000000; ++ asm volatile ("cpuid" ++ : "+a"(eax) : : "rbx", "rcx", "rdx"); ++ if (eax < 0xC0000001) ++ return 0; ++ ++ /* Read the Centaur Extended Feature Flags */ ++ eax = 0xC0000001; ++ asm volatile ("cpuid" ++ : "+a"(eax), "=d"(edx) : : "rbx", "rcx"); ++ ++ /* Fill up some flags */ ++ padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6)); ++ padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2)); ++ ++ return padlock_use_ace + padlock_use_rng; ++} ++ ++/* Force key reload from memory to the CPU microcode. ++ Loading EFLAGS from the stack clears EFLAGS[30] ++ which does the trick. */ ++static inline void ++padlock_reload_key(void) ++{ ++ asm volatile ("pushfq; popfq"); ++} ++ ++#ifndef OPENSSL_NO_AES ++/* ++ * This is heuristic key context tracing. At first one ++ * believes that one should use atomic swap instructions, ++ * but it's not actually necessary. Point is that if ++ * padlock_saved_context was changed by another thread ++ * after we've read it and before we compare it with cdata, ++ * our key *shall* be reloaded upon thread context switch ++ * and we are therefore set in either case... ++ */ ++static inline void ++padlock_verify_context(struct padlock_cipher_data *cdata) ++{ ++ asm volatile ( ++ "pushfq\n" ++" btl $30,(%%rsp)\n" ++" jnc 1f\n" ++" cmpq %2,%1\n" ++" je 1f\n" ++" popfq\n" ++" subq $8,%%rsp\n" ++"1: addq $8,%%rsp\n" ++" movq %2,%0" ++ :"+m"(padlock_saved_context) ++ : "r"(padlock_saved_context), "r"(cdata) : "cc"); ++} ++ ++/* Template for padlock_xcrypt_* modes */ ++/* BIG FAT WARNING: ++ * The offsets used with 'leal' instructions ++ * describe items of the 'padlock_cipher_data' ++ * structure. ++ */ ++#define PADLOCK_XCRYPT_ASM(name,rep_xcrypt) \ ++static inline void *name(size_t cnt, \ ++ struct padlock_cipher_data *cdata, \ ++ void *out, const void *inp) \ ++{ void *iv; \ ++ asm volatile ( "leaq 16(%0),%%rdx\n" \ ++ " leaq 32(%0),%%rbx\n" \ ++ rep_xcrypt "\n" \ ++ : "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp) \ ++ : "0"(cdata), "1"(cnt), "2"(out), "3"(inp) \ ++ : "rbx", "rdx", "cc", "memory"); \ ++ return iv; \ ++} ++#endif ++ ++#endif /* cpu */ ++ ++ ++# ifndef OPENSSL_NO_AES + + /* Generate all functions with appropriate opcodes */ + /* rep xcryptecb */ +@@ -458,7 +550,23 @@ PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, ".byte 0xf3,0x0f,0xa7,0xc8") + PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0") + /* rep xcryptofb */ + PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8") ++ ++# ifndef AES_ASM ++/* Our own htonl()/ntohl() */ ++static inline void padlock_bswapl(AES_KEY *ks) ++{ ++ size_t i = sizeof(ks->rd_key) / sizeof(ks->rd_key[0]); ++ unsigned int *key = ks->rd_key; ++ ++ while (i--) { ++ asm volatile ("bswapl %0":"+r" (*key)); ++ key++; ++ } ++} ++# endif ++ + # endif ++ + /* The RNG call itself */ + static inline unsigned int padlock_xstore(void *addr, unsigned int edx_in) + { +-- +2.2.2 + diff --git a/system/openssl/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch b/system/openssl/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch new file mode 100644 index 000000000..5a2cdd633 --- /dev/null +++ b/system/openssl/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch @@ -0,0 +1,782 @@ +From 728af0306505f1ff91364ac2175fb6bf5da90ec3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> +Date: Thu, 5 Feb 2015 09:41:12 +0200 +Subject: [PATCH] engines/e_padlock: implement sha1/sha224/sha256 acceleration + +Limited support for VIA C7 that works only when EVP_MD_CTX_FLAG_ONESHOT +is used appropriately (as done by EVP_Digest, and my previous HMAC patch). + +Full support for VIA Nano including partial transformation and 64-bit mode. + +Benchmarks from VIA Nano 1.6GHz, done with including the previous HMAC and +apps/speed patches done. From single run, error margin of about 100-200k. + +No padlock + +type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +sha1 20057.60k 51514.05k 99721.39k 130167.81k 142811.14k +sha256 7757.72k 16907.18k 28937.05k 35181.23k 37568.51k +hmac(sha1) 8582.53k 27644.69k 70402.30k 114602.67k 140167.85k + +With the patch + +sha1 37713.77k 114562.71k 259637.33k 379907.41k 438818.13k +sha256 34262.86k 103233.75k 232476.07k 338386.60k 389860.01k +hmac(sha1) 8424.70k 31475.11k 104036.10k 245559.30k 406667.26k +--- + engines/e_padlock.c | 663 ++++++++++++++++++++++++++++++++++++++++++++++++---- + 1 file changed, 614 insertions(+), 49 deletions(-) + +diff --git a/engines/e_padlock.c b/engines/e_padlock.c +index 94406cb..5e99114 100644 +--- a/engines/e_padlock.c ++++ b/engines/e_padlock.c +@@ -3,6 +3,9 @@ + * Written by Michal Ludvig <michal@logix.cz> + * http://www.logix.cz/michal + * ++ * SHA support by Timo Teras <timo.teras@iki.fi>. Portions based on ++ * code originally written by Michal Ludvig. ++ * + * Big thanks to Andy Polyakov for a help with optimization, + * assembler fixes, port to MS Windows and a lot of other + * valuable work on this engine! +@@ -63,7 +66,9 @@ + */ + + #include <stdio.h> ++#include <stdint.h> + #include <string.h> ++#include <netinet/in.h> + + #include <openssl/opensslconf.h> + #include <openssl/crypto.h> +@@ -73,11 +78,32 @@ + #ifndef OPENSSL_NO_AES + # include <openssl/aes.h> + #endif ++#ifndef OPENSSL_NO_SHA ++# include <openssl/sha.h> ++#endif + #include <openssl/rand.h> + #include <openssl/err.h> + + #ifndef OPENSSL_NO_HW +-# ifndef OPENSSL_NO_HW_PADLOCK ++# ifndef OPENSSL_NO_HW_PADLOCK ++ ++/* PadLock RNG is disabled by default */ ++# define PADLOCK_NO_RNG 1 ++ ++/* No ASM routines for SHA in MSC yet */ ++# ifdef _MSC_VER ++# define OPENSSL_NO_SHA ++# endif ++ ++/* 64-bit mode does not need software SHA1 as fallback, we can ++ * do all operations with padlock */ ++# if defined(__x86_64__) || defined(__x86_64) ++# define PADLOCK_NEED_FALLBACK_SHA 0 ++# else ++# define PADLOCK_NEED_FALLBACK_SHA 1 ++# endif ++ ++# define PADLOCK_MAX_FINALIZING_LENGTH 0x1FFFFFFE + + /* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */ + # if (OPENSSL_VERSION_NUMBER >= 0x00908000L) +@@ -151,60 +177,42 @@ void ENGINE_load_padlock(void) + static int padlock_available(void); + static int padlock_init(ENGINE *e); + ++# ifndef PADLOCK_NO_RNG + /* RNG Stuff */ + static RAND_METHOD padlock_rand; +- +-/* Cipher Stuff */ +-# ifndef OPENSSL_NO_AES +-static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, +- const int **nids, int nid); + # endif + + /* Engine names */ + static const char *padlock_id = "padlock"; + static char padlock_name[100]; + ++static int padlock_bind_helper(ENGINE *e); ++ + /* Available features */ +-static int padlock_use_ace = 0; /* Advanced Cryptography Engine */ +-static int padlock_use_rng = 0; /* Random Number Generator */ ++enum padlock_flags { ++ PADLOCK_RNG = 0x01, ++ PADLOCK_ACE = 0x02, ++ PADLOCK_ACE2 = 0x04, ++ PADLOCK_PHE = 0x08, ++ PADLOCK_PMM = 0x10, ++ PADLOCK_NANO = 0x20, ++}; ++enum padlock_flags padlock_flags; ++ ++#define PADLOCK_HAVE_RNG (padlock_flags & PADLOCK_RNG) ++#define PADLOCK_HAVE_ACE (padlock_flags & (PADLOCK_ACE|PADLOCK_ACE2)) ++#define PADLOCK_HAVE_ACE1 (padlock_flags & PADLOCK_ACE) ++#define PADLOCK_HAVE_ACE2 (padlock_flags & PADLOCK_ACE2) ++#define PADLOCK_HAVE_PHE (padlock_flags & PADLOCK_PHE) ++#define PADLOCK_HAVE_PMM (padlock_flags & PADLOCK_PMM) ++#define PADLOCK_HAVE_NANO (padlock_flags & PADLOCK_NANO) ++ + # ifndef OPENSSL_NO_AES + static int padlock_aes_align_required = 1; + # endif + + /* ===== Engine "management" functions ===== */ + +-/* Prepare the ENGINE structure for registration */ +-static int padlock_bind_helper(ENGINE *e) +-{ +- /* Check available features */ +- padlock_available(); +- +-# if 1 /* disable RNG for now, see commentary in +- * vicinity of RNG code */ +- padlock_use_rng = 0; +-# endif +- +- /* Generate a nice engine name with available features */ +- BIO_snprintf(padlock_name, sizeof(padlock_name), +- "VIA PadLock (%s, %s)", +- padlock_use_rng ? "RNG" : "no-RNG", +- padlock_use_ace ? "ACE" : "no-ACE"); +- +- /* Register everything or return with an error */ +- if (!ENGINE_set_id(e, padlock_id) || +- !ENGINE_set_name(e, padlock_name) || +- !ENGINE_set_init_function(e, padlock_init) || +-# ifndef OPENSSL_NO_AES +- (padlock_use_ace && !ENGINE_set_ciphers(e, padlock_ciphers)) || +-# endif +- (padlock_use_rng && !ENGINE_set_RAND(e, &padlock_rand))) { +- return 0; +- } +- +- /* Everything looks good */ +- return 1; +-} +- + # ifdef OPENSSL_NO_DYNAMIC_ENGINE + + /* Constructor */ +@@ -229,7 +237,7 @@ static ENGINE *ENGINE_padlock(void) + /* Check availability of the engine */ + static int padlock_init(ENGINE *e) + { +- return (padlock_use_rng || padlock_use_ace); ++ return padlock_flags; + } + + /* +@@ -377,10 +385,20 @@ static int padlock_available(void) + "=d"(edx)::"ecx"); + + /* Fill up some flags */ +- padlock_use_ace = ((edx & (0x3 << 6)) == (0x3 << 6)); +- padlock_use_rng = ((edx & (0x3 << 2)) == (0x3 << 2)); +- +- return padlock_use_ace + padlock_use_rng; ++ padlock_flags |= ((edx & (0x3<<3)) ? PADLOCK_RNG : 0); ++ padlock_flags |= ((edx & (0x3<<7)) ? PADLOCK_ACE : 0); ++ padlock_flags |= ((edx & (0x3<<9)) ? PADLOCK_ACE2 : 0); ++ padlock_flags |= ((edx & (0x3<<11)) ? PADLOCK_PHE : 0); ++ padlock_flags |= ((edx & (0x3<<13)) ? PADLOCK_PMM : 0); ++ ++ /* Check for VIA Nano CPU */ ++ eax = 0x00000001; ++ asm volatile ("pushl %%ebx; cpuid; popl %%ebx" ++ : "+a"(eax) : : "ecx", "edx"); ++ if ((eax | 0x000F) == 0x06FF) ++ padlock_flags |= PADLOCK_NANO; ++ ++ return padlock_flags; + } + + /* +@@ -473,10 +491,14 @@ padlock_available(void) + : "+a"(eax), "=d"(edx) : : "rbx", "rcx"); + + /* Fill up some flags */ +- padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6)); +- padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2)); +- +- return padlock_use_ace + padlock_use_rng; ++ padlock_flags |= ((edx & (0x3<<3)) ? PADLOCK_RNG : 0); ++ padlock_flags |= ((edx & (0x3<<7)) ? PADLOCK_ACE : 0); ++ padlock_flags |= ((edx & (0x3<<9)) ? PADLOCK_ACE2 : 0); ++ padlock_flags |= ((edx & (0x3<<11)) ? PADLOCK_PHE : 0); ++ padlock_flags |= ((edx & (0x3<<13)) ? PADLOCK_PMM : 0); ++ padlock_flags |= PADLOCK_NANO; ++ ++ return padlock_flags; + } + + /* Force key reload from memory to the CPU microcode. +@@ -1293,6 +1315,496 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, + + # endif /* OPENSSL_NO_AES */ + ++#ifndef OPENSSL_NO_SHA ++ ++static inline void ++padlock_copy_bswap(void *dst, void *src, size_t count) ++{ ++ uint32_t *udst = dst, *usrc = src; ++ int i = 0; ++ ++ for (i = 0; i < count; i++) ++ udst[i] = htonl(usrc[i]); ++} ++ ++static unsigned long padlock_sha_prepare_padding( ++ EVP_MD_CTX *ctx, ++ unsigned char *padding, ++ unsigned char *data, size_t data_len, ++ uint64_t total) ++{ ++ unsigned int padding_len; ++ ++ padding_len = data_len < 56 ? SHA_CBLOCK : 2 * SHA_CBLOCK; ++ if (data_len) ++ memcpy(padding, data, data_len); ++ ++ memset(padding + data_len, 0, padding_len - data_len); ++ padding[data_len] = 0x80; ++ *(uint32_t *)(padding + padding_len - 8) = htonl(total >> 32); ++ *(uint32_t *)(padding + padding_len - 4) = htonl(total & 0xffffffff); ++ ++ return data_len < 56 ? 1 : 2; ++} ++ ++#define PADLOCK_SHA_ALIGN(dd) (uint32_t*)(((uintptr_t)(dd) + 15) & ~15) ++#define PADLOCK_SHA_HWCTX (128+16) ++ ++static void ++padlock_sha1(void *hwctx, const void *buf, unsigned long total, unsigned long now) ++{ ++ unsigned long pos = total - now; ++ ++ asm volatile ("xsha1" ++ : "+S"(buf), "+D"(hwctx), "+a"(pos), "+c"(total) ++ : : "memory"); ++} ++ ++static void ++padlock_sha1_partial(void *hwctx, const void *buf, unsigned long blocks) ++{ ++ asm volatile ("xsha1" ++ : "+S"(buf), "+D"(hwctx), "+c"(blocks) ++ : "a"(-1L) : "memory"); ++} ++ ++static int padlock_sha1_init(EVP_MD_CTX *ctx) ++{ ++ return SHA1_Init(ctx->md_data); ++} ++ ++#if PADLOCK_NEED_FALLBACK_SHA ++ ++static int padlock_sha1_update_eden(EVP_MD_CTX *ctx, const void *data, ++ size_t len) ++{ ++ unsigned char hwctx[PADLOCK_SHA_HWCTX]; ++ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); ++ SHA_CTX *c = ctx->md_data; ++ uint_fast64_t total; ++ const unsigned char *p = data; ++ unsigned long l = 0; ++ ++ /* Calculate total length (Nl,Nh) is length in bits */ ++ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); ++ total += len; ++ ++ if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) && ++ (total <= PADLOCK_MAX_FINALIZING_LENGTH)) { ++ if (c->num != 0) { ++ l = (len < SHA_CBLOCK - c->num) ? len : (SHA_CBLOCK - c->num); ++ if (!SHA1_Update(c, data, l)) ++ return 0; ++ p += l; ++ if (c->num != 0) { ++ p = (unsigned char *) c->data; ++ len = c->num; ++ l = 0; ++ } ++ } ++ memcpy(aligned, &c->h0, 5 * sizeof(SHA_LONG)); ++ padlock_sha1(aligned, p, total, len - l); ++ memcpy(&c->h0, aligned, 5 * sizeof(SHA_LONG)); ++ c->num = -1; ++ return 1; ++ } ++ ++ return SHA1_Update(c, data, len); ++} ++#endif ++ ++static int padlock_sha1_update(EVP_MD_CTX *ctx, const void *data, ++ size_t len) ++{ ++ unsigned char hwctx[PADLOCK_SHA_HWCTX]; ++ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); ++ SHA_CTX *c = ctx->md_data; ++ uint_fast64_t total; ++ unsigned char *p; ++ unsigned long n; ++ ++ /* Calculate total length (Nl,Nh) is length in bits */ ++ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); ++ total += len; ++ c->Nh = total >> 29; ++ c->Nl = (total << 3) & 0xffffffffUL; ++ ++ memcpy(aligned, &c->h0, 5 * sizeof(SHA_LONG)); ++ ++ /* Check partial data */ ++ n = c->num; ++ if (n) { ++ p = (unsigned char *) c->data; ++ if (len >= SHA_CBLOCK || len+n >= SHA_CBLOCK) { ++ memcpy(p+n, data, SHA_CBLOCK-n); ++ padlock_sha1_partial(aligned, p, 1); ++ n = SHA_CBLOCK - n; ++ data += n; ++ len -= n; ++ c->num = 0; ++ memset(p, 0, SHA_CBLOCK); ++ } else { ++ memcpy(p+n, data, len); ++ c->num += (unsigned int)len; ++ return 1; ++ } ++ } ++ ++ /* Can we finalize straight away? */ ++ if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) && ++ (total <= PADLOCK_MAX_FINALIZING_LENGTH)) { ++ padlock_sha1(aligned, data, total, len); ++ memcpy(&c->h0, aligned, 5 * sizeof(SHA_LONG)); ++ c->num = -1; ++ return 1; ++ } ++ ++ /* Use nonfinalizing update */ ++ n = len / SHA_CBLOCK; ++ if (n != 0) { ++ padlock_sha1_partial(aligned, data, n); ++ data += n * SHA_CBLOCK; ++ len -= n * SHA_CBLOCK; ++ } ++ memcpy(&c->h0, aligned, 5 * sizeof(SHA_LONG)); ++ ++ /* Buffer remaining bytes */ ++ if (len) { ++ memcpy(c->data, data, len); ++ c->num = len; ++ } ++ ++ return 1; ++} ++ ++static int padlock_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) ++{ ++ unsigned char hwctx[PADLOCK_SHA_HWCTX]; ++ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); ++ uint64_t total; ++ SHA_CTX *c = ctx->md_data; ++ ++ if (c->num == -1) { ++ padlock_copy_bswap(md, &c->h0, 5); ++ c->num = 0; ++ return 1; ++ } ++ ++ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); ++#if PADLOCK_NEED_FALLBACK_SHA ++ if ((!PADLOCK_HAVE_NANO) && (total > PADLOCK_MAX_FINALIZING_LENGTH)) ++ return SHA1_Final(md, c); ++#endif ++ ++ memcpy(aligned, &c->h0, 5 * sizeof(SHA_LONG)); ++ if (total > PADLOCK_MAX_FINALIZING_LENGTH) { ++ unsigned char padding[2 * SHA_CBLOCK]; ++ unsigned long n; ++ ++ n = padlock_sha_prepare_padding(ctx, padding, ++ (unsigned char *) c->data, c->num, total << 3); ++ padlock_sha1_partial(aligned, padding, n); ++ } else { ++ padlock_sha1(aligned, c->data, total, c->num); ++ } ++ padlock_copy_bswap(md, aligned, 5); ++ c->num = 0; ++ ++ return 1; ++} ++ ++static EVP_MD padlock_sha1_md = { ++ NID_sha1, ++ NID_sha1WithRSAEncryption, ++ SHA_DIGEST_LENGTH, ++ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE, ++ padlock_sha1_init, ++ padlock_sha1_update, ++ padlock_sha1_final, ++ NULL, ++ NULL, ++ EVP_PKEY_RSA_method, ++ SHA_CBLOCK, ++ sizeof(SHA_CTX), ++}; ++ ++static EVP_MD padlock_dss1_md = { ++ NID_dsa, ++ NID_dsaWithSHA1, ++ SHA_DIGEST_LENGTH, ++ 0, ++ padlock_sha1_init, ++ padlock_sha1_update, ++ padlock_sha1_final, ++ NULL, ++ NULL, ++ EVP_PKEY_DSA_method, ++ SHA_CBLOCK, ++ sizeof(SHA_CTX), ++}; ++ ++ ++#if !defined(OPENSSL_NO_SHA256) ++ ++static void ++padlock_sha256(void *hwctx, const void *buf, unsigned long total, unsigned long now) ++{ ++ unsigned long pos = total - now; ++ ++ asm volatile ("xsha256" ++ : "+S"(buf), "+D"(hwctx), "+a"(pos), "+c"(total) ++ : : "memory"); ++} ++ ++static void ++padlock_sha256_partial(void *hwctx, const void *buf, unsigned long blocks) ++{ ++ asm volatile ("xsha256" ++ : "+S"(buf), "+D"(hwctx), "+c"(blocks) ++ : "a"(-1L) : "memory"); ++} ++ ++#if PADLOCK_NEED_FALLBACK_SHA ++ ++static int padlock_sha256_update_eden(EVP_MD_CTX *ctx, const void *data, ++ size_t len) ++{ ++ unsigned char hwctx[PADLOCK_SHA_HWCTX]; ++ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); ++ SHA256_CTX *c = ctx->md_data; ++ uint_fast64_t total; ++ const unsigned char *p = data; ++ unsigned int l = 0; ++ ++ /* Calculate total length (Nl,Nh) is length in bits */ ++ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); ++ total += len; ++ ++ if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) && ++ (total <= PADLOCK_MAX_FINALIZING_LENGTH)) { ++ if (c->num != 0) { ++ l = (len < SHA256_CBLOCK - c->num) ? len : (SHA256_CBLOCK - c->num); ++ if (!SHA256_Update(c, data, l)) ++ return 0; ++ p += l; ++ if (c->num != 0) { ++ p = (unsigned char *) c->data; ++ len = c->num; ++ l = 0; ++ } ++ } ++ memcpy(aligned, c->h, sizeof(c->h)); ++ padlock_sha256(aligned, p, total, len - l); ++ memcpy(c->h, aligned, sizeof(c->h)); ++ c->num = -1; ++ return 1; ++ } ++ ++ return SHA256_Update(c, data, len); ++} ++ ++#endif ++ ++static int padlock_sha256_update(EVP_MD_CTX *ctx, const void *data, ++ size_t len) ++{ ++ unsigned char hwctx[PADLOCK_SHA_HWCTX]; ++ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); ++ SHA256_CTX *c = ctx->md_data; ++ uint_fast64_t total; ++ unsigned char *p; ++ unsigned long n; ++ ++ /* Calculate total length (Nl,Nh) is length in bits */ ++ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); ++ total += len; ++ c->Nh = total >> 29; ++ c->Nl = (total << 3) & 0xffffffffUL; ++ ++ memcpy(aligned, c->h, sizeof(c->h)); ++ ++ /* Check partial data */ ++ n = c->num; ++ if (n) { ++ p = (unsigned char *) c->data; ++ if (len >= SHA256_CBLOCK || len+n >= SHA256_CBLOCK) { ++ memcpy(p+n, data, SHA256_CBLOCK-n); ++ padlock_sha256_partial(aligned, p, 1); ++ n = SHA256_CBLOCK - n; ++ data += n; ++ len -= n; ++ c->num = 0; ++ memset(p, 0, SHA256_CBLOCK); ++ } else { ++ memcpy(p+n, data, len); ++ c->num += (unsigned int)len; ++ return 1; ++ } ++ } ++ ++ /* Can we finalize straight away? */ ++ if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) && ++ (total <= PADLOCK_MAX_FINALIZING_LENGTH)) { ++ padlock_sha256(aligned, data, total, len); ++ memcpy(c->h, aligned, sizeof(c->h)); ++ c->num = -1; ++ return 1; ++ } ++ ++ /* Use nonfinalizing update */ ++ n = len / SHA256_CBLOCK; ++ if (n != 0) { ++ padlock_sha256_partial(aligned, data, n); ++ data += n * SHA256_CBLOCK; ++ len -= n * SHA256_CBLOCK; ++ } ++ memcpy(c->h, aligned, sizeof(c->h)); ++ ++ /* Buffer remaining bytes */ ++ if (len) { ++ memcpy(c->data, data, len); ++ c->num = len; ++ } ++ ++ return 1; ++} ++ ++static int padlock_sha256_final(EVP_MD_CTX *ctx, unsigned char *md) ++{ ++ unsigned char hwctx[PADLOCK_SHA_HWCTX]; ++ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); ++ uint64_t total; ++ SHA256_CTX *c = ctx->md_data; ++ ++ if (c->num == -1) { ++ padlock_copy_bswap(md, c->h, sizeof(c->h)/sizeof(c->h[0])); ++ c->num = 0; ++ return 1; ++ } ++ ++ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); ++#if PADLOCK_NEED_FALLBACK_SHA ++ if ((!PADLOCK_HAVE_NANO) && (total > PADLOCK_MAX_FINALIZING_LENGTH)) ++ return SHA256_Final(md, c); ++#endif ++ ++ memcpy(aligned, c->h, sizeof(c->h)); ++ if (total > PADLOCK_MAX_FINALIZING_LENGTH) { ++ unsigned char padding[2 * SHA_CBLOCK]; ++ unsigned long n; ++ ++ n = padlock_sha_prepare_padding(ctx, padding, ++ (unsigned char *) c->data, c->num, total << 3); ++ padlock_sha256_partial(aligned, padding, n); ++ } else { ++ padlock_sha256(aligned, c->data, total, c->num); ++ } ++ padlock_copy_bswap(md, aligned, sizeof(c->h)/sizeof(c->h[0])); ++ c->num = 0; ++ return 1; ++} ++ ++#if !defined(OPENSSL_NO_SHA224) ++ ++static int padlock_sha224_init(EVP_MD_CTX *ctx) ++{ ++ return SHA224_Init(ctx->md_data); ++} ++ ++static EVP_MD padlock_sha224_md = { ++ NID_sha224, ++ NID_sha224WithRSAEncryption, ++ SHA224_DIGEST_LENGTH, ++ 0, ++ padlock_sha224_init, ++ padlock_sha256_update, ++ padlock_sha256_final, ++ NULL, ++ NULL, ++ EVP_PKEY_RSA_method, ++ SHA_CBLOCK, ++ sizeof(SHA256_CTX), ++}; ++#endif /* !OPENSSL_NO_SHA224 */ ++ ++static int padlock_sha256_init(EVP_MD_CTX *ctx) ++{ ++ return SHA256_Init(ctx->md_data); ++} ++ ++static EVP_MD padlock_sha256_md = { ++ NID_sha256, ++ NID_sha256WithRSAEncryption, ++ SHA256_DIGEST_LENGTH, ++ 0, ++ padlock_sha256_init, ++ padlock_sha256_update, ++ padlock_sha256_final, ++ NULL, ++ NULL, ++ EVP_PKEY_RSA_method, ++ SHA_CBLOCK, ++ sizeof(SHA256_CTX), ++}; ++#endif /* !OPENSSL_NO_SHA256 */ ++ ++static int padlock_digest_nids[] = { ++#if !defined(OPENSSL_NO_SHA) ++ NID_sha1, ++ NID_dsa, ++#endif ++#if !defined(OPENSSL_NO_SHA256) ++#if !defined(OPENSSL_NO_SHA224) ++ NID_sha224, ++#endif ++ NID_sha256, ++#endif ++}; ++ ++static int padlock_digest_nids_num = sizeof(padlock_digest_nids)/sizeof(padlock_digest_nids[0]); ++ ++static int ++padlock_digests (ENGINE *e, const EVP_MD **digest, const int **nids, int nid) ++{ ++ /* No specific digest => return a list of supported nids ... */ ++ if (!digest) { ++ *nids = padlock_digest_nids; ++ return padlock_digest_nids_num; ++ } ++ ++ /* ... or the requested "digest" otherwise */ ++ switch (nid) { ++#if !defined(OPENSSL_NO_SHA) ++ case NID_sha1: ++ *digest = &padlock_sha1_md; ++ break; ++ case NID_dsa: ++ *digest = &padlock_dss1_md; ++ break; ++#endif ++#if !defined(OPENSSL_NO_SHA256) ++#if !defined(OPENSSL_NO_SHA224) ++ case NID_sha224: ++ *digest = &padlock_sha224_md; ++ break; ++#endif /* OPENSSL_NO_SHA224 */ ++ case NID_sha256: ++ *digest = &padlock_sha256_md; ++ break; ++#endif /* OPENSSL_NO_SHA256 */ ++ default: ++ /* Sorry, we don't support this NID */ ++ *digest = NULL; ++ return 0; ++ } ++ ++ return 1; ++} ++ ++#endif /* OPENSSL_NO_SHA */ ++ ++#ifndef PADLOCK_NO_RNG ++ + /* ===== Random Number Generator ===== */ + /* + * This code is not engaged. The reason is that it does not comply +@@ -1356,6 +1868,59 @@ static RAND_METHOD padlock_rand = { + padlock_rand_bytes, /* pseudorand */ + padlock_rand_status, /* rand status */ + }; ++#endif /* PADLOCK_NO_RNG */ ++ ++/* Prepare the ENGINE structure for registration */ ++static int ++padlock_bind_helper(ENGINE *e) ++{ ++ /* Check available features */ ++ padlock_available(); ++ ++ /* Generate a nice engine name with available features */ ++ BIO_snprintf(padlock_name, sizeof(padlock_name), ++ "VIA PadLock: %s%s%s%s%s%s", ++ padlock_flags ? "" : "not supported", ++ PADLOCK_HAVE_RNG ? "RNG " : "", ++ PADLOCK_HAVE_ACE ? (PADLOCK_HAVE_ACE2 ? "ACE2 " : "ACE ") : "", ++ PADLOCK_HAVE_PHE ? "PHE " : "", ++ PADLOCK_HAVE_PMM ? "PMM " : "", ++ PADLOCK_HAVE_NANO ? "NANO " : "" ++ ); ++ ++#if PADLOCK_NEED_FALLBACK_SHA && !defined(OPENSSL_NO_SHA) ++ if (!PADLOCK_HAVE_NANO) { ++ padlock_sha1_md.update = padlock_sha1_update_eden; ++ padlock_dss1_md.update = padlock_sha1_update_eden; ++#if !defined(OPENSSL_NO_SHA256) ++#if !defined(OPENSSL_NO_SHA224) ++ padlock_sha224_md.update = padlock_sha256_update_eden; ++#endif ++ padlock_sha256_md.update = padlock_sha256_update_eden; ++#endif ++ } ++#endif ++ ++ /* Register everything or return with an error */ ++ if (!ENGINE_set_id(e, padlock_id) || ++ !ENGINE_set_name(e, padlock_name) || ++ !ENGINE_set_init_function(e, padlock_init) ++#ifndef OPENSSL_NO_AES ++ || (PADLOCK_HAVE_ACE && !ENGINE_set_ciphers (e, padlock_ciphers)) ++#endif ++#ifndef OPENSSL_NO_SHA ++ || (PADLOCK_HAVE_PHE && !ENGINE_set_digests (e, padlock_digests)) ++#endif ++#ifndef PADLOCK_NO_RNG ++ || (PADLOCK_HAVE_RNG && !ENGINE_set_RAND (e, &padlock_rand)) ++#endif ++ ) { ++ return 0; ++ } ++ ++ /* Everything looks good */ ++ return 1; ++} + + # else /* !COMPILE_HW_PADLOCK */ + # ifndef OPENSSL_NO_DYNAMIC_ENGINE +-- +2.2.2 + diff --git a/system/openssl/1004-crypto-engine-autoload-padlock-dynamic-engine.patch b/system/openssl/1004-crypto-engine-autoload-padlock-dynamic-engine.patch new file mode 100644 index 000000000..66f37451e --- /dev/null +++ b/system/openssl/1004-crypto-engine-autoload-padlock-dynamic-engine.patch @@ -0,0 +1,33 @@ +From a58658f191e83f4c6417d2cc879fa572f7978537 Mon Sep 17 00:00:00 2001 +From: Natanael Copa <ncopa@alpinelinux.org> +Date: Thu, 4 Feb 2016 16:28:15 +0100 +Subject: [PATCH] crypto/engine: autoload padlock dynamic engine + +--- + crypto/engine/eng_all.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c +index 48ad0d2..822aa23 100644 +--- a/crypto/engine/eng_all.c ++++ b/crypto/engine/eng_all.c +@@ -120,6 +120,16 @@ void ENGINE_load_builtin_engines(void) + ENGINE_load_capi(); + # endif + #endif ++#ifdef OPENSSL_NO_STATIC_ENGINE ++ { ++ ENGINE *e = ENGINE_by_id("padlock"); ++ if (e != NULL) { ++ ENGINE_add(e); ++ ENGINE_free(e); ++ ERR_clear_error(); ++ } ++ } ++#endif + ENGINE_register_all_complete(); + } + +-- +2.7.0 + diff --git a/system/openssl/APKBUILD b/system/openssl/APKBUILD new file mode 100644 index 000000000..da5f61799 --- /dev/null +++ b/system/openssl/APKBUILD @@ -0,0 +1,151 @@ +# Maintainer: Timo Teras <timo.teras@iki.fi> +pkgname=openssl +pkgver=1.0.2n +pkgrel=0 +pkgdesc="Toolkit for SSL v2/v3 and TLS v1" +url="http://openssl.org" +depends= +makedepends_build="perl" +makedepends_host="zlib-dev" +makedepends="$makedepends_host $makedepends_build" +depends_dev="zlib-dev" +checkdepends="perl" +provides="libressl=9999" +arch="all" +license="openssl" + +subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc libcrypto1.0:libcrypto libssl1.0:libssl" + +source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz + 0002-busybox-basename.patch + 0003-use-termios.patch + 0004-fix-default-ca-path-for-apps.patch + 0005-fix-parallel-build.patch + 0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch + 0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch + 0009-no-rpath.patch + 0010-ssl-env-zlib.patch + 1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch + 1002-backport-changes-from-upstream-padlock-module.patch + 1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch + " + +# secfixes: +# 1.0.2h-r0: +# - CVE-2016-2107 +# - CVE-2016-2105 +# - CVE-2016-2106 +# - CVE-2016-2109 +# - CVE-2016-2176 +# 1.0.2h-r1: +# - CVE-2016-2177 +# - CVE-2016-2178 +# 1.0.2h-r2: +# - CVE-2016-2180 +# 1.0.2h-r3: +# - CVE-2016-2179 +# - CVE-2016-2182 +# - CVE-2016-6302 +# - CVE-2016-6303 +# 1.0.2h-r4: +# - CVE-2016-2181 +# 1.0.2i-r0: +# - CVE-2016-2183 +# - CVE-2016-6304 +# - CVE-2016-6306 +# 1.0.2m-r0: +# - CVE-2017-3735 +# - CVE-2017-3736 +# 1.0.2n-r0: +# - CVE-2017-3737 +# - CVE-2017-3738 + +builddir="$srcdir"/$pkgname-$pkgver + +build() { + local _target _optflags + cd "$builddir" + + # openssl will prepend crosscompile always core CC et al + CC=${CC#${CROSS_COMPILE}} + CXX=${CXX#${CROSS_COMPILE}} + CPP=${CPP#${CROSS_COMPILE}} + + # determine target OS for openssl + case "$CARCH" in + aarch64*) _target="linux-aarch64" ;; + arm*) _target="linux-armv4" ;; + ppc) _target="linux-ppc" ;; + ppc64) _target="linux-ppc64"; _optflags="no-asm" ;; + ppc64le) _target="linux-ppc64le" ;; + i528 | pmmx | x86) _target="linux-elf" ;; + x86_64) _target="linux-x86_64"; _optflags="enable-ec_nistp_64_gcc_128" ;; + s390x) _target="linux64-s390x";; + *) msg "Unable to determine architecture from (CARCH=$CARCH)" ; return 1 ;; + esac + + # Configure assumes --options are for it, so can't use + # gcc's --sysroot fake this by overriding CC + [ -n "$CBUILDROOT" ] && CC="$CC --sysroot=${CBUILDROOT}" + + perl ./Configure $_target --prefix=/usr \ + --libdir=lib \ + --openssldir=/etc/ssl \ + shared zlib enable-montasm enable-md2 $_optflags \ + -DOPENSSL_NO_BUF_FREELISTS \ + $CPPFLAGS $CFLAGS $LDFLAGS -Wa,--noexecstack \ + enable-ssl2 + + make && make build-shared +} + +check() { + cd "$builddir" + make -j1 test +} + +package() { + cd "$builddir" + make INSTALL_PREFIX="$pkgdir" MANDIR=/usr/share/man MANSUFFIX=ssl install + # remove the script c_rehash + rm "$pkgdir"/usr/bin/c_rehash +} + +libcrypto() { + pkgdesc="Crypto library from openssl" + + mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib + for i in "$pkgdir"/usr/lib/libcrypto*; do + mv $i "$subpkgdir"/lib/ + ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/} + done + mv "$pkgdir"/usr/lib/engines "$subpkgdir"/usr/lib/ +} + +libssl() { + pkgdesc="SSL shared libraries" + + mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib + for i in "$pkgdir"/usr/lib/libssl*; do + mv $i "$subpkgdir"/lib/ + ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/} + done +} + +dev() { + provides="libressl-dev=9999" + default_dev +} + +sha512sums="144bf0d6aa27b4af01df0b7b734c39962649e1711554247d42e05e14d8945742b18745aefdba162e2dfc762b941fd7d3b2d5dc6a781ae4ba10a6f5a3cadb0687 openssl-1.0.2n.tar.gz +2244f46cb18e6b98f075051dd2446c47f7590abccd108fbab707f168a20cad8d32220d704635973f09e3b2879f523be5160f1ffbc12ab3900f8a8891dc855c5c 0002-busybox-basename.patch +58e42058a0c8086c49d681b1e226da39a8cf8cb88c51cf739dec2ff12e1bb5d7208ac5033264b186d58e9bdfe992fe9ddb95701d01caf1824396b2cefe30c0a4 0003-use-termios.patch +c67472879a31b5dbdd313892df6d37e7c93e8c0237d406c30d50b1016c2618ead3c13277f5dc723ef1ceed092d36e3c15a9777daa844f59b9fa2b0a4f04fd9ae 0004-fix-default-ca-path-for-apps.patch +5d4191482f8bbf62c75fe6bc2d9587388022c3310703c2a913788a983b1d1406e706cf3916a5792604f0b0f220a87432d3b82b442cea9915f2abb6fdd8478fcb 0005-fix-parallel-build.patch +820d4ce1c222696fe3f1dd0d11815c06262ec230fdb174532fd507286667a0aefbf858ea5edac4245a54b950cd0556545ecd0c5cf494692a2ba131c667e7bcd5 0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch +17ad683bb91a3a3c5bcc456c8aed7f0b42414c6de06ebafa4753af93c42d9827c9978a43d4d53d741a45df7f7895c6f6163172af57cc7b391cfd15f45ce6c351 0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch +5dbbc01985190ae1254350fb12565beb6abb916b6a7bb1f0f22d9762b1e575d124aaf9aa4cfe5f908e420978f691072d48c61a72660f09dfd6d9a2f83f862bc1 0009-no-rpath.patch +5febe20948e3f12d981e378e1f4ea538711657aacb6865a1aa91339d4a04277e250f490a1f2abc2c6f290bdc2b1bffdba1d00983b4c09f7ea983eef8163f9420 0010-ssl-env-zlib.patch +8c181760d7a149aa18d246d50f1c0438ffb63c98677b05306dfc00400ad0429b47d31e7c8d85126005c67f743d23e7a8a81174ffe98556f4caf9cf6b04d9ff17 1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch +a3555440b5f544bfd6b9ad97557d8f4c1d673f6a35219f65056a72035d186be5f354717ddf9784899b602464d48657b090ade24379552d43af97609c0f48c389 1002-backport-changes-from-upstream-padlock-module.patch +6353c7a94016c20db5d683dde37775f6780952ecdb1a5f39f878d04ba37f6ad79ae10fb6d65d181d912505a5d1e22463004cd855d548b364c00b120da2b0fdbc 1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch" diff --git a/system/polkit/0001-Bug-50145-make-netgroup-support-optional.patch b/system/polkit/0001-Bug-50145-make-netgroup-support-optional.patch new file mode 100644 index 000000000..1498e831a --- /dev/null +++ b/system/polkit/0001-Bug-50145-make-netgroup-support-optional.patch @@ -0,0 +1,108 @@ +From 2428beec9189bb93e6e1fdd5bdde35acf5279a03 Mon Sep 17 00:00:00 2001 +From: Natanael Copa <ncopa@alpinelinux.org> +Date: Sun, 20 May 2012 15:42:56 +0200 +Subject: [PATCH] Bug 50145 - make netgroup support optional + +https://bugs.freedesktop.org/show_bug.cgi?id=50145 + +netgroups are not defined in POSIX and are not be available on +all systems. + +We check for getnetgrent in configure script. + +Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> +--- + configure.ac | 2 +- + src/polkitbackend/polkitbackendlocalauthority.c | 8 ++++++-- + src/polkitbackend/polkitbackendlocalauthorizationstore.c | 3 ++- + 3 files changed, 9 insertions(+), 4 deletions(-) + +diff --git a/configure.ac b/configure.ac +index f325922..711aa7c 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -141,7 +141,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"], + [AC_MSG_ERROR([Can't find expat library. Please install expat.])]) + AC_SUBST(EXPAT_LIBS) + +-AC_CHECK_FUNCS(clearenv) ++AC_CHECK_FUNCS(clearenv getnetgrent) + + if test "x$GCC" = "xyes"; then + LDFLAGS="-Wl,--as-needed $LDFLAGS" +diff --git a/src/polkitbackend/polkitbackendlocalauthority.c b/src/polkitbackend/polkitbackendlocalauthority.c +index b53eda3..f14e924 100644 +--- a/src/polkitbackend/polkitbackendlocalauthority.c ++++ b/src/polkitbackend/polkitbackendlocalauthority.c +@@ -52,9 +52,10 @@ + + static GList *get_users_in_group (PolkitIdentity *group, + gboolean include_root); +- ++#if defined HAVE_GETNETGRENT + static GList *get_users_in_net_group (PolkitIdentity *group, + gboolean include_root); ++#endif + + static GList *get_groups_for_user (PolkitIdentity *user); + +@@ -511,10 +512,12 @@ polkit_backend_local_authority_get_admin_auth_identities (PolkitBackendInteracti + { + ret = g_list_concat (ret, get_users_in_group (identity, FALSE)); + } ++#if defined HAVE_GETNETGRENT + else if (POLKIT_IS_UNIX_NETGROUP (identity)) + { + ret = g_list_concat (ret, get_users_in_net_group (identity, FALSE)); + } ++#endif + else + { + g_warning ("Unsupported identity %s", admin_identities[n]); +@@ -690,6 +693,7 @@ get_users_in_group (PolkitIdentity *group, + return ret; + } + ++#if defined HAVE_GETNETGRENT + static GList * + get_users_in_net_group (PolkitIdentity *group, + gboolean include_root) +@@ -741,7 +745,7 @@ get_users_in_net_group (PolkitIdentity *group, + endnetgrent (); + return ret; + } +- ++#endif + + static GList * + get_groups_for_user (PolkitIdentity *user) +diff --git a/src/polkitbackend/polkitbackendlocalauthorizationstore.c b/src/polkitbackend/polkitbackendlocalauthorizationstore.c +index 2ddfe75..02553c4 100644 +--- a/src/polkitbackend/polkitbackendlocalauthorizationstore.c ++++ b/src/polkitbackend/polkitbackendlocalauthorizationstore.c +@@ -725,6 +725,7 @@ polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorization + break; + } + ++#if defined HAVE_GETNETGRENT + /* if no identity specs matched and identity is a user, match against netgroups */ + if (ll == NULL && POLKIT_IS_UNIX_USER (identity)) + { +@@ -732,13 +733,13 @@ polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorization + const gchar *user_name = polkit_unix_user_get_name (user_identity); + if (!user_name) + continue; +- + for (ll = authorization->netgroup_identities; ll != NULL; ll = ll->next) + { + if (innetgr ((const gchar *) ll->data, NULL, user_name, NULL)) + break; + } + } ++#endif + + if (ll == NULL) + continue; +-- +1.7.10.2 + diff --git a/system/polkit/APKBUILD b/system/polkit/APKBUILD new file mode 100644 index 000000000..fdc37d634 --- /dev/null +++ b/system/polkit/APKBUILD @@ -0,0 +1,80 @@ +# Contributor: Carlo Landmeter +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=polkit +pkgver=0.105 +pkgrel=8 +pkgdesc="Application development toolkit for controlling system-wide privileges" +url="http://www.freedesktop.org/wiki/Software/polkit/" +arch="all" +license="LGPL" +depends= +options="suid" +depends_dev="eggdbus-dev dbus-glib-dev linux-pam-dev" +makedepends="$depends_dev expat-dev glib-dev gtk-doc gobject-introspection-dev + intltool autoconf automake libtool" +install= +subpackages="$pkgname-dev $pkgname-doc $pkgname-lang" +source="http://www.freedesktop.org/software/polkit/releases/polkit-$pkgver.tar.gz + 0001-Bug-50145-make-netgroup-support-optional.patch + CVE-2013-4288.patch + CVE-2015-3218.patch + CVE-2015-3255.patch + CVE-2015-4625.patch + automake.patch + fix-parallel-make.patch + fix-consolekit-db-stat.patch + fix-test-fgetpwent.patch + disable-ck-test.patch +" + +prepare() { + cd "$builddir" + update_config_sub + default_prepare + libtoolize --force && aclocal && autoconf && automake --add-missing +} + +build() { + cd "$builddir" + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + --infodir=/usr/share/info \ + --libexecdir=/usr/lib/polkit-1 \ + --localstatedir=/var \ + --disable-static \ + --enable-nls \ + --enable-introspection \ + --with-os-type=alpine \ + --with-pam-include=base-auth \ + --disable-gtk-doc \ + --disable-gtk-doc-html \ + --disable-gtk-doc-pdf + + make +} + +check() { + cd "$builddir" + make check +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install +} + +sha512sums="7c0f84b9639814b4690e42b570285ff2018a5ea4cfd7216d9abf44c84ece6592c530f2d6211511c1346963daf4f135e9fa79d1b2f592b454115950991b5e4bc3 polkit-0.105.tar.gz +09ca9c14044c0a281e9069919efbb6d14918f23f58a282b5ce25c8a6640966396904373822869fe994c711f40c33d5c34cf3b77f85a59e239ba3d0c22a31ca8e 0001-Bug-50145-make-netgroup-support-optional.patch +d6de3beb063243c11906f525ef2eb65aeca823c25b1f44dde4a16f4fc2c5ce587b129e0bfb25a4a4b88ac2bf5713c47e57700c139323d961c9f9b6ba4c03fffb CVE-2013-4288.patch +625be61ca38267508bb360002c410414f7ca814487f4a51257906118731e208be0c90d21f45ac90fd9f64f2f5937fa1e312d6900179853fabbaaf5e75073c82c CVE-2015-3218.patch +0b26b819da0b34f10ff8a768850560b3207a6e10a7141bd1aa4769c1cb2829eb110164974b99d993d4e3a62145ace0fc5375489f84d2b56fe08e3430e3232aa8 CVE-2015-3255.patch +32ecc38db938fc1e3d14ffd9c492d12a42a91750e0eb1f66f8346d0cefd6e18fd0dffac8bffc65578cfb56c9598d3b336721477e8496de2619d6d69f1a6b309e CVE-2015-4625.patch +25465a23332247d0873e24cb5f011a267413615526755a8295a6367d64fc5eb8c2aa3c9c1fdcfa183b39e3ece14f33b25f15a339d966a31f3feb861b3f17adbf automake.patch +6b0d9262ba8b3c000acdcc8c86bd6fc043e5750a0155730638d4e3a92e63f43cb476d63b11856c041d60d8f38f7eb5ada0eb0eced9100bdac3bc2c7dd5108ddd fix-parallel-make.patch +95493ef842b46ce9e724933a5d86083589075fb452435057b8f629643cac7c7eff67a24fd188087987e98057f0130757fad546d0c090767da3d71ebaf8485a24 fix-consolekit-db-stat.patch +966825aded565432f4fda9e54113a773b514ebf7ee7faa83bcb8b97d218ae84a8707d6747bbc3cb8a828638d692fdef34c05038f150ad38e02a29f2c782aba5b fix-test-fgetpwent.patch +f73ab05ab5fdc90d3961fdcf88fa57eee8c90af4960b20d7ac845d2395c4cc20873ddc72bfd00fd127471336807faa705d0845444a0218343e74063e8f190980 disable-ck-test.patch" diff --git a/system/polkit/CVE-2013-4288.patch b/system/polkit/CVE-2013-4288.patch new file mode 100644 index 000000000..0ca8131e8 --- /dev/null +++ b/system/polkit/CVE-2013-4288.patch @@ -0,0 +1,123 @@ +From a3fa3b86f0015e42a534526ed800bcde5b3f2a15 Mon Sep 17 00:00:00 2001 +From: Colin Walters <walters@verbum.org> +Date: Mon, 19 Aug 2013 12:16:11 -0400 +Subject: [PATCH] pkcheck: Support --process=pid,start-time,uid syntax too + +The uid is a new addition; this allows callers such as libvirt to +close a race condition in reading the uid of the process talking to +them. They can read it via getsockopt(SO_PEERCRED) or equivalent, +rather than having pkcheck look at /proc later after the fact. + +Programs which invoke pkcheck but need to know beforehand (i.e. at +compile time) whether or not it supports passing the uid can +use: + +pkcheck_supports_uid=$($PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1) +test x$pkcheck_supports_uid = xyes + +Conflicts: + docs/man/pkcheck.xml + src/programs/pkcheck.c +--- + data/polkit-gobject-1.pc.in | 3 +++ + docs/man/pkcheck.xml | 33 +++++++++++++++++++++------------ + src/programs/pkcheck.c | 7 ++++++- + 3 files changed, 30 insertions(+), 13 deletions(-) + +diff --git a/data/polkit-gobject-1.pc.in b/data/polkit-gobject-1.pc.in +index c39677d..5c4c620 100644 +--- a/data/polkit-gobject-1.pc.in ++++ b/data/polkit-gobject-1.pc.in +@@ -11,3 +11,6 @@ Version: @VERSION@ + Libs: -L${libdir} -lpolkit-gobject-1 + Cflags: -I${includedir}/polkit-1 + Requires: gio-2.0 >= 2.18 glib-2.0 >= 2.18 ++# Programs using pkcheck can use this to determine ++# whether or not it can be passed a uid. ++pkcheck_supports_uid=true +diff --git a/docs/man/pkcheck.xml b/docs/man/pkcheck.xml +index 6b8a874..9f2faef 100644 +--- a/docs/man/pkcheck.xml ++++ b/docs/man/pkcheck.xml +@@ -55,6 +55,9 @@ + <arg choice="plain"> + <replaceable>pid,pid-start-time</replaceable> + </arg> ++ <arg choice="plain"> ++ <replaceable>pid,pid-start-time,uid</replaceable> ++ </arg> + </group> + </arg> + <arg choice="plain"> +@@ -90,7 +93,7 @@ + <title>DESCRIPTION</title> + <para> + <command>pkcheck</command> is used to check whether a process, specified by +- either <option>--process</option> or <option>--system-bus-name</option>, ++ either <option>--process</option> (see below) or <option>--system-bus-name</option>, + is authorized for <replaceable>action</replaceable>. The <option>--detail</option> + option can be used zero or more times to pass details about <replaceable>action</replaceable>. + If <option>--allow-user-interaction</option> is passed, <command>pkcheck</command> blocks +@@ -160,17 +163,23 @@ KEY3=VALUE3 + <refsect1 id="pkcheck-notes"> + <title>NOTES</title> + <para> +- Since process identifiers can be recycled, the caller should always use +- <replaceable>pid,pid-start-time</replaceable> to specify the process +- to check for authorization when using the <option>--process</option> option. +- The value of <replaceable>pid-start-time</replaceable> +- can be determined by consulting e.g. the +- <citerefentry> +- <refentrytitle>proc</refentrytitle><manvolnum>5</manvolnum> +- </citerefentry> +- file system depending on the operating system. If only <replaceable>pid</replaceable> +- is passed to the <option>--process</option> option, then <command>pkcheck</command> +- will look up the start time itself but note that this may be racy. ++ Do not use either the bare <replaceable>pid</replaceable> or ++ <replaceable>pid,start-time</replaceable> syntax forms for ++ <option>--process</option>. There are race conditions in both. ++ New code should always use ++ <replaceable>pid,pid-start-time,uid</replaceable>. The value of ++ <replaceable>start-time</replaceable> can be determined by ++ consulting e.g. the ++ <citerefentry><refentrytitle>proc</refentrytitle><manvolnum>5</manvolnum></citerefentry> ++ file system depending on the operating system. If fewer than 3 ++ arguments are passed, <command>pkcheck</command> will attempt to ++ look up them up internally, but note that this may be racy. ++ </para> ++ <para> ++ If your program is a daemon with e.g. a custom Unix domain ++ socket, you should determine the <replaceable>uid</replaceable> ++ parameter via operating system mechanisms such as ++ <literal>PEERCRED</literal>. + </para> + </refsect1> + +diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c +index 719a36c..057e926 100644 +--- a/src/programs/pkcheck.c ++++ b/src/programs/pkcheck.c +@@ -372,6 +372,7 @@ main (int argc, char *argv[]) + else if (g_strcmp0 (argv[n], "--process") == 0 || g_strcmp0 (argv[n], "-p") == 0) + { + gint pid; ++ guint uid; + guint64 pid_start_time; + + n++; +@@ -381,7 +382,11 @@ main (int argc, char *argv[]) + goto out; + } + +- if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2) ++ if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT ",%u", &pid, &pid_start_time, &uid) == 3) ++ { ++ subject = polkit_unix_process_new_for_owner (pid, pid_start_time, uid); ++ } ++ else if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2) + { + subject = polkit_unix_process_new_full (pid, pid_start_time); + } +-- +1.8.5.1 + diff --git a/system/polkit/CVE-2015-3218.patch b/system/polkit/CVE-2015-3218.patch new file mode 100644 index 000000000..977825102 --- /dev/null +++ b/system/polkit/CVE-2015-3218.patch @@ -0,0 +1,115 @@ +From 48e646918efb2bf0b3b505747655726d7869f31c Mon Sep 17 00:00:00 2001 +From: Colin Walters <walters@redhat.com> +Date: Sat, 30 May 2015 09:06:23 -0400 +Subject: CVE-2015-3218: backend: Handle invalid object paths in + RegisterAuthenticationAgent +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Properly propagate the error, otherwise we dereference a `NULL` +pointer. This is a local, authenticated DoS. + +`RegisterAuthenticationAgentWithOptions` and +`UnregisterAuthentication` have been validated to not need changes for +this. + +http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html +https://bugs.freedesktop.org/show_bug.cgi?id=90829 + +Reported-by: Tavis Ormandy <taviso@google.com> +Reviewed-by: Philip Withnall <philip@tecnocode.co.uk> +Reviewed-by: Miloslav Trmač <mitr@redhat.com> +Signed-off-by: Colin Walters <walters@redhat.com> + +diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c +index f6ea0fc..587f954 100644 +--- a/src/polkitbackend/polkitbackendinteractiveauthority.c ++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c +@@ -1566,36 +1566,42 @@ authentication_agent_new (PolkitSubject *scope, + const gchar *unique_system_bus_name, + const gchar *locale, + const gchar *object_path, +- GVariant *registration_options) ++ GVariant *registration_options, ++ GError **error) + { + AuthenticationAgent *agent; +- GError *error; ++ GDBusProxy *proxy; + +- agent = g_new0 (AuthenticationAgent, 1); ++ if (!g_variant_is_object_path (object_path)) ++ { ++ g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, ++ "Invalid object path '%s'", object_path); ++ return NULL; ++ } ++ ++ proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, ++ G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | ++ G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS, ++ NULL, /* GDBusInterfaceInfo* */ ++ unique_system_bus_name, ++ object_path, ++ "org.freedesktop.PolicyKit1.AuthenticationAgent", ++ NULL, /* GCancellable* */ ++ error); ++ if (proxy == NULL) ++ { ++ g_prefix_error (error, "Failed to construct proxy for agent: " ); ++ return NULL; ++ } + ++ agent = g_new0 (AuthenticationAgent, 1); + agent->ref_count = 1; + agent->scope = g_object_ref (scope); + agent->object_path = g_strdup (object_path); + agent->unique_system_bus_name = g_strdup (unique_system_bus_name); + agent->locale = g_strdup (locale); + agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL; +- +- error = NULL; +- agent->proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, +- G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | +- G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS, +- NULL, /* GDBusInterfaceInfo* */ +- agent->unique_system_bus_name, +- agent->object_path, +- "org.freedesktop.PolicyKit1.AuthenticationAgent", +- NULL, /* GCancellable* */ +- &error); +- if (agent->proxy == NULL) +- { +- g_warning ("Error constructing proxy for agent: %s", error->message); +- g_error_free (error); +- /* TODO: Make authentication_agent_new() return NULL and set a GError */ +- } ++ agent->proxy = proxy; + + return agent; + } +@@ -2398,8 +2404,6 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken + caller_cmdline = NULL; + agent = NULL; + +- /* TODO: validate that object path is well-formed */ +- + interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority); + priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority); + +@@ -2486,7 +2490,10 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken + polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), + locale, + object_path, +- options); ++ options, ++ error); ++ if (!agent) ++ goto out; + + g_hash_table_insert (priv->hash_scope_to_authentication_agent, + g_object_ref (subject), +-- +cgit v0.10.2 + diff --git a/system/polkit/CVE-2015-3255.patch b/system/polkit/CVE-2015-3255.patch new file mode 100644 index 000000000..1bd7c6bcf --- /dev/null +++ b/system/polkit/CVE-2015-3255.patch @@ -0,0 +1,67 @@ +From 9f5e0c731784003bd4d6fc75ab739ff8b2ea269f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= <mitr@redhat.com> +Date: Wed, 1 Apr 2015 05:22:37 +0200 +Subject: CVE-2015-3255 Fix GHashTable usage. + +Don't assume that the hash table with free both the key and the value +at the same time, supply proper deallocation functions for the key +and value separately. + +Then drop ParsedAction::action_id which is no longer used for anything. + +https://bugs.freedesktop.org/show_bug.cgi?id=69501 +and +https://bugs.freedesktop.org/show_bug.cgi?id=83590 + +CVE: CVE-2015-3255 + +diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c +index bc14381..3894fe9 100644 +--- a/src/polkitbackend/polkitbackendactionpool.c ++++ b/src/polkitbackend/polkitbackendactionpool.c +@@ -40,7 +40,6 @@ + + typedef struct + { +- gchar *action_id; + gchar *vendor_name; + gchar *vendor_url; + gchar *icon_name; +@@ -62,7 +61,6 @@ typedef struct + static void + parsed_action_free (ParsedAction *action) + { +- g_free (action->action_id); + g_free (action->vendor_name); + g_free (action->vendor_url); + g_free (action->icon_name); +@@ -134,7 +132,7 @@ polkit_backend_action_pool_init (PolkitBackendActionPool *pool) + + priv->parsed_actions = g_hash_table_new_full (g_str_hash, + g_str_equal, +- NULL, ++ g_free, + (GDestroyNotify) parsed_action_free); + + priv->parsed_files = g_hash_table_new_full (g_str_hash, +@@ -988,7 +986,6 @@ _end (void *data, const char *el) + icon_name = pd->global_icon_name; + + action = g_new0 (ParsedAction, 1); +- action->action_id = g_strdup (pd->action_id); + action->vendor_name = g_strdup (vendor); + action->vendor_url = g_strdup (vendor_url); + action->icon_name = g_strdup (icon_name); +@@ -1003,7 +1000,8 @@ _end (void *data, const char *el) + action->implicit_authorization_inactive = pd->implicit_authorization_inactive; + action->implicit_authorization_active = pd->implicit_authorization_active; + +- g_hash_table_insert (priv->parsed_actions, action->action_id, action); ++ g_hash_table_insert (priv->parsed_actions, g_strdup (pd->action_id), ++ action); + + /* we steal these hash tables */ + pd->annotations = NULL; +-- +cgit v0.10.2 + diff --git a/system/polkit/CVE-2015-4625.patch b/system/polkit/CVE-2015-4625.patch new file mode 100644 index 000000000..4a43fb433 --- /dev/null +++ b/system/polkit/CVE-2015-4625.patch @@ -0,0 +1,1008 @@ +From ea544ffc18405237ccd95d28d7f45afef49aca17 Mon Sep 17 00:00:00 2001 +From: Colin Walters <walters@redhat.com> +Date: Thu, 4 Jun 2015 12:15:18 -0400 +Subject: CVE-2015-4625: Use unpredictable cookie values, keep them secret +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Tavis noted that it'd be possible with a 32 bit counter for someone to +cause the cookie to wrap by creating Authentication requests in a +loop. + +Something important to note here is that wrapping of signed integers +is undefined behavior in C, so we definitely want to fix that. All +counter integers used in this patch are unsigned. + +See the comment above `authentication_agent_generate_cookie` for +details, but basically we're now using a cookie of the form: + +``` + <agent serial> - <agent random id> - <session serial> - <session +random id> +``` + +Which has multiple 64 bit counters, plus unpredictable random 128 bit +integer ids (effectively UUIDs, but we're not calling them that +because we don't need to be globally unique. + +We further ensure that the cookies are not visible to other processes +by changing the setuid helper to accept them over standard input. This +means that an attacker would have to guess both ids. + +In any case, the security hole here is better fixed with the other +change to bind user id (uid) of the agent with cookie lookups, making +cookie guessing worthless. + +Nevertheless, I think it's worth doing this change too, for defense in +depth. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90832 +CVE: CVE-2015-4625 +Reported-by: Tavis Ormandy <taviso@google.com> +Reviewed-by: Miloslav Trmač <mitr@redhat.com> +Signed-off-by: Colin Walters <walters@redhat.com> + +diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c +index 937386e..19062aa 100644 +--- a/src/polkitagent/polkitagenthelper-pam.c ++++ b/src/polkitagent/polkitagenthelper-pam.c +@@ -65,7 +65,7 @@ main (int argc, char *argv[]) + { + int rc; + const char *user_to_auth; +- const char *cookie; ++ char *cookie = NULL; + struct pam_conv pam_conversation; + pam_handle_t *pam_h; + const void *authed_user; +@@ -97,7 +97,7 @@ main (int argc, char *argv[]) + openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); + + /* check for correct invocation */ +- if (argc != 3) ++ if (!(argc == 2 || argc == 3)) + { + syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ()); + fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n"); +@@ -105,7 +105,10 @@ main (int argc, char *argv[]) + } + + user_to_auth = argv[1]; +- cookie = argv[2]; ++ ++ cookie = read_cookie (argc, argv); ++ if (!cookie) ++ goto error; + + if (getuid () != 0) + { +@@ -203,6 +206,8 @@ main (int argc, char *argv[]) + goto error; + } + ++ free (cookie); ++ + #ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n"); + #endif /* PAH_DEBUG */ +@@ -212,6 +217,7 @@ main (int argc, char *argv[]) + return 0; + + error: ++ free (cookie); + if (pam_h != NULL) + pam_end (pam_h, rc); + +diff --git a/src/polkitagent/polkitagenthelper-shadow.c b/src/polkitagent/polkitagenthelper-shadow.c +index a4f73ac..e877915 100644 +--- a/src/polkitagent/polkitagenthelper-shadow.c ++++ b/src/polkitagent/polkitagenthelper-shadow.c +@@ -46,7 +46,7 @@ main (int argc, char *argv[]) + { + struct spwd *shadow; + const char *user_to_auth; +- const char *cookie; ++ char *cookie = NULL; + time_t now; + + /* clear the entire environment to avoid attacks with +@@ -67,7 +67,7 @@ main (int argc, char *argv[]) + openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); + + /* check for correct invocation */ +- if (argc != 3) ++ if (!(argc == 2 || argc == 3)) + { + syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ()); + fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n"); +@@ -86,7 +86,10 @@ main (int argc, char *argv[]) + } + + user_to_auth = argv[1]; +- cookie = argv[2]; ++ ++ cookie = read_cookie (argc, argv); ++ if (!cookie) ++ goto error; + + #ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth); +@@ -153,6 +156,8 @@ main (int argc, char *argv[]) + goto error; + } + ++ free (cookie); ++ + #ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n"); + #endif /* PAH_DEBUG */ +@@ -162,6 +167,7 @@ main (int argc, char *argv[]) + return 0; + + error: ++ free (cookie); + fprintf (stdout, "FAILURE\n"); + flush_and_wait (); + return 1; +diff --git a/src/polkitagent/polkitagenthelperprivate.c b/src/polkitagent/polkitagenthelperprivate.c +index cfa77fc..e23f9f5 100644 +--- a/src/polkitagent/polkitagenthelperprivate.c ++++ b/src/polkitagent/polkitagenthelperprivate.c +@@ -23,6 +23,7 @@ + #include "config.h" + #include "polkitagenthelperprivate.h" + #include <stdio.h> ++#include <string.h> + #include <stdlib.h> + #include <unistd.h> + +@@ -45,6 +46,38 @@ _polkit_clearenv (void) + #endif + + ++char * ++read_cookie (int argc, char **argv) ++{ ++ /* As part of CVE-2015-4625, we started passing the cookie ++ * on standard input, to ensure it's not visible to other ++ * processes. However, to ensure that things continue ++ * to work if the setuid binary is upgraded while old ++ * agents are still running (this will be common with ++ * package managers), we support both modes. ++ */ ++ if (argc == 3) ++ return strdup (argv[2]); ++ else ++ { ++ char *ret = NULL; ++ size_t n = 0; ++ ssize_t r = getline (&ret, &n, stdin); ++ if (r == -1) ++ { ++ if (!feof (stdin)) ++ perror ("getline"); ++ free (ret); ++ return NULL; ++ } ++ else ++ { ++ g_strchomp (ret); ++ return ret; ++ } ++ } ++} ++ + gboolean + send_dbus_message (const char *cookie, const char *user) + { +diff --git a/src/polkitagent/polkitagenthelperprivate.h b/src/polkitagent/polkitagenthelperprivate.h +index aeca2c7..547fdcc 100644 +--- a/src/polkitagent/polkitagenthelperprivate.h ++++ b/src/polkitagent/polkitagenthelperprivate.h +@@ -38,6 +38,8 @@ + + int _polkit_clearenv (void); + ++char *read_cookie (int argc, char **argv); ++ + gboolean send_dbus_message (const char *cookie, const char *user); + + void flush_and_wait (); +diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c +index f014773..8b93ad0 100644 +--- a/src/polkitagent/polkitagentsession.c ++++ b/src/polkitagent/polkitagentsession.c +@@ -55,6 +55,7 @@ + #include <stdio.h> + #include <sys/types.h> + #include <sys/wait.h> ++#include <gio/gunixoutputstream.h> + #include <pwd.h> + + #include "polkitagentmarshal.h" +@@ -88,7 +89,7 @@ struct _PolkitAgentSession + gchar *cookie; + PolkitIdentity *identity; + +- int child_stdin; ++ GOutputStream *child_stdin; + int child_stdout; + GPid child_pid; + +@@ -129,7 +130,6 @@ G_DEFINE_TYPE (PolkitAgentSession, polkit_agent_session, G_TYPE_OBJECT); + static void + polkit_agent_session_init (PolkitAgentSession *session) + { +- session->child_stdin = -1; + session->child_stdout = -1; + } + +@@ -395,11 +395,7 @@ kill_helper (PolkitAgentSession *session) + session->child_stdout = -1; + } + +- if (session->child_stdin != -1) +- { +- g_warn_if_fail (close (session->child_stdin) == 0); +- session->child_stdin = -1; +- } ++ g_clear_object (&session->child_stdin); + + session->helper_is_running = FALSE; + +@@ -545,9 +541,9 @@ polkit_agent_session_response (PolkitAgentSession *session, + + add_newline = (response[response_len] != '\n'); + +- write (session->child_stdin, response, response_len); ++ (void) g_output_stream_write_all (session->child_stdin, response, response_len, NULL, NULL, NULL); + if (add_newline) +- write (session->child_stdin, newline, 1); ++ (void) g_output_stream_write_all (session->child_stdin, newline, 1, NULL, NULL, NULL); + } + + /** +@@ -567,8 +563,9 @@ polkit_agent_session_initiate (PolkitAgentSession *session) + { + uid_t uid; + GError *error; +- gchar *helper_argv[4]; ++ gchar *helper_argv[3]; + struct passwd *passwd; ++ int stdin_fd = -1; + + g_return_if_fail (POLKIT_AGENT_IS_SESSION (session)); + +@@ -600,10 +597,8 @@ polkit_agent_session_initiate (PolkitAgentSession *session) + + helper_argv[0] = PACKAGE_PREFIX "/lib/polkit-1/polkit-agent-helper-1"; + helper_argv[1] = passwd->pw_name; +- helper_argv[2] = session->cookie; +- helper_argv[3] = NULL; ++ helper_argv[2] = NULL; + +- session->child_stdin = -1; + session->child_stdout = -1; + + error = NULL; +@@ -615,7 +610,7 @@ polkit_agent_session_initiate (PolkitAgentSession *session) + NULL, + NULL, + &session->child_pid, +- &session->child_stdin, ++ &stdin_fd, + &session->child_stdout, + NULL, + &error)) +@@ -628,6 +623,13 @@ polkit_agent_session_initiate (PolkitAgentSession *session) + if (G_UNLIKELY (_show_debug ())) + g_print ("PolkitAgentSession: spawned helper with pid %d\n", (gint) session->child_pid); + ++ session->child_stdin = (GOutputStream*)g_unix_output_stream_new (stdin_fd, TRUE); ++ ++ /* Write the cookie on stdin so it can't be seen by other processes */ ++ (void) g_output_stream_write_all (session->child_stdin, session->cookie, strlen (session->cookie), ++ NULL, NULL, NULL); ++ (void) g_output_stream_write_all (session->child_stdin, "\n", 1, NULL, NULL, NULL); ++ + session->child_stdout_channel = g_io_channel_unix_new (session->child_stdout); + session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, + G_IO_IN | G_IO_ERR | G_IO_HUP); +diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c +index 3f339e9..15adc6a 100644 +--- a/src/polkitbackend/polkitbackendinteractiveauthority.c ++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c +@@ -214,6 +214,8 @@ typedef struct + + GDBusConnection *system_bus_connection; + guint name_owner_changed_signal_id; ++ ++ guint64 agent_serial; + } PolkitBackendInteractiveAuthorityPrivate; + + /* ---------------------------------------------------------------------------------------------------- */ +@@ -439,11 +441,15 @@ struct AuthenticationAgent + volatile gint ref_count; + + PolkitSubject *scope; ++ guint64 serial; + + gchar *locale; + GVariant *registration_options; + gchar *object_path; + gchar *unique_system_bus_name; ++ GRand *cookie_pool; ++ gchar *cookie_prefix; ++ guint64 cookie_serial; + + GDBusProxy *proxy; + +@@ -1427,9 +1433,54 @@ authentication_session_cancelled_cb (GCancellable *cancellable, + authentication_session_cancel (session); + } + ++/* We're not calling this a UUID, but it's basically ++ * the same thing, just not formatted that way because: ++ * ++ * - I'm too lazy to do it ++ * - If we did, people might think it was actually ++ * generated from /dev/random, which we're not doing ++ * because this value doesn't actually need to be ++ * globally unique. ++ */ ++static void ++append_rand_u128_str (GString *buf, ++ GRand *pool) ++{ ++ g_string_append_printf (buf, "%08x%08x%08x%08x", ++ g_rand_int (pool), ++ g_rand_int (pool), ++ g_rand_int (pool), ++ g_rand_int (pool)); ++} ++ ++/* A value that should be unique to the (AuthenticationAgent, AuthenticationSession) ++ * pair, and not guessable by other agents. ++ * ++ * <agent serial> - <agent uuid> - <session serial> - <session uuid> ++ * ++ * See http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html ++ * ++ */ ++static gchar * ++authentication_agent_generate_cookie (AuthenticationAgent *agent) ++{ ++ GString *buf = g_string_new (""); ++ ++ g_string_append (buf, agent->cookie_prefix); ++ ++ g_string_append_c (buf, '-'); ++ agent->cookie_serial++; ++ g_string_append_printf (buf, "%" G_GUINT64_FORMAT, ++ agent->cookie_serial); ++ g_string_append_c (buf, '-'); ++ append_rand_u128_str (buf, agent->cookie_pool); ++ ++ return g_string_free (buf, FALSE); ++} ++ ++ + static AuthenticationSession * + authentication_session_new (AuthenticationAgent *agent, +- const gchar *cookie, + PolkitSubject *subject, + PolkitIdentity *user_of_subject, + PolkitSubject *caller, +@@ -1447,7 +1498,7 @@ authentication_session_new (AuthenticationAgent *agent, + + session = g_new0 (AuthenticationSession, 1); + session->agent = authentication_agent_ref (agent); +- session->cookie = g_strdup (cookie); ++ session->cookie = authentication_agent_generate_cookie (agent); + session->subject = g_object_ref (subject); + session->user_of_subject = g_object_ref (user_of_subject); + session->caller = g_object_ref (caller); +@@ -1496,16 +1547,6 @@ authentication_session_free (AuthenticationSession *session) + g_free (session); + } + +-static gchar * +-authentication_agent_new_cookie (AuthenticationAgent *agent) +-{ +- static gint counter = 0; +- +- /* TODO: use a more random-looking cookie */ +- +- return g_strdup_printf ("cookie%d", counter++); +-} +- + static PolkitSubject * + authentication_agent_get_scope (AuthenticationAgent *agent) + { +@@ -1553,12 +1594,15 @@ authentication_agent_unref (AuthenticationAgent *agent) + g_free (agent->unique_system_bus_name); + if (agent->registration_options != NULL) + g_variant_unref (agent->registration_options); ++ g_rand_free (agent->cookie_pool); ++ g_free (agent->cookie_prefix); + g_free (agent); + } + } + + static AuthenticationAgent * +-authentication_agent_new (PolkitSubject *scope, ++authentication_agent_new (guint64 serial, ++ PolkitSubject *scope, + const gchar *unique_system_bus_name, + const gchar *locale, + const gchar *object_path, +@@ -1592,6 +1636,7 @@ authentication_agent_new (PolkitSubject *scope, + + agent = g_new0 (AuthenticationAgent, 1); + agent->ref_count = 1; ++ agent->serial = serial; + agent->scope = g_object_ref (scope); + agent->object_path = g_strdup (object_path); + agent->unique_system_bus_name = g_strdup (unique_system_bus_name); +@@ -1599,6 +1644,25 @@ authentication_agent_new (PolkitSubject *scope, + agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL; + agent->proxy = proxy; + ++ { ++ GString *cookie_prefix = g_string_new (""); ++ GRand *agent_private_rand = g_rand_new (); ++ ++ g_string_append_printf (cookie_prefix, "%" G_GUINT64_FORMAT "-", agent->serial); ++ ++ /* Use a uniquely seeded PRNG to get a prefix cookie for this agent, ++ * whose sequence will not correlate with the per-authentication session ++ * cookies. ++ */ ++ append_rand_u128_str (cookie_prefix, agent_private_rand); ++ g_rand_free (agent_private_rand); ++ ++ agent->cookie_prefix = g_string_free (cookie_prefix, FALSE); ++ ++ /* And a newly seeded pool for per-session cookies */ ++ agent->cookie_pool = g_rand_new (); ++ } ++ + return agent; + } + +@@ -2193,7 +2257,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, + { + PolkitBackendInteractiveAuthorityPrivate *priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (authority); + AuthenticationSession *session; +- gchar *cookie; + GList *l; + GList *identities; + gchar *localized_message; +@@ -2215,8 +2278,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, + &localized_icon_name, + &localized_details); + +- cookie = authentication_agent_new_cookie (agent); +- + identities = NULL; + + /* select admin user if required by the implicit authorization */ +@@ -2279,7 +2340,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, + user_identities = g_list_prepend (NULL, polkit_unix_user_new (0)); + + session = authentication_session_new (agent, +- cookie, + subject, + user_of_subject, + caller, +@@ -2335,7 +2395,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, + g_list_free_full (user_identities, g_object_unref); + g_list_foreach (identities, (GFunc) g_object_unref, NULL); + g_list_free (identities); +- g_free (cookie); + + g_free (localized_message); + g_free (localized_icon_name); +@@ -2482,7 +2541,9 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken + goto out; + } + +- agent = authentication_agent_new (subject, ++ priv->agent_serial++; ++ agent = authentication_agent_new (priv->agent_serial, ++ subject, + polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), + locale, + object_path, +-- +cgit v0.10.2 + +From 493aa5dc1d278ab9097110c1262f5229bbaf1766 Mon Sep 17 00:00:00 2001 +From: Colin Walters <walters@redhat.com> +Date: Wed, 17 Jun 2015 13:07:02 -0400 +Subject: CVE-2015-4625: Bind use of cookies to specific uids +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html + +The "cookie" value that Polkit hands out is global to all polkit +users. And when `AuthenticationAgentResponse` is invoked, we +previously only received the cookie and *target* identity, and +attempted to find an agent from that. + +The problem is that the current cookie is just an integer +counter, and if it overflowed, it would be possible for +an successful authorization in one session to trigger a response +in another session. + +The overflow and ability to guess the cookie were fixed by the +previous patch. + +This patch is conceptually further hardening on top of that. Polkit +currently treats uids as equivalent from a security domain +perspective; there is no support for +SELinux/AppArmor/etc. differentiation. + +We can retrieve the uid from `getuid()` in the setuid helper, which +allows us to ensure the uid invoking `AuthenticationAgentResponse2` +matches that of the agent. + +Then the authority only looks at authentication sessions matching the +cookie that were created by a matching uid, thus removing the ability +for different uids to interfere with each other entirely. + +Several fixes to this patch were contributed by: +Miloslav Trmač <mitr@redhat.com> + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90837 +CVE: CVE-2015-4625 +Reported-by: Tavis Ormandy <taviso@google.com> +Reviewed-by: Miloslav Trmač <mitr@redhat.com> +Signed-off-by: Colin Walters <walters@redhat.com> + +diff --git a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml +index 3b519c2..5beef7d 100644 +--- a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml ++++ b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml +@@ -8,7 +8,19 @@ + <annotation name="org.gtk.EggDBus.DocString" value="<para>This D-Bus interface is used for communication between the system-wide PolicyKit daemon and one or more authentication agents each running in a user session.</para><para>An authentication agent must implement this interface and register (passing the object path of the object implementing the interface) using the org.freedesktop.PolicyKit1.Authority.RegisterAuthenticationAgent() and org.freedesktop.PolicyKit1.Authority.UnregisterAuthenticationAgent() methods on the #org.freedesktop.PolicyKit1.Authority interface of the PolicyKit daemon.</para>"/> + + <method name="BeginAuthentication"> +- <annotation name="org.gtk.EggDBus.DocString" value="<para>Called by the PolicyKit daemon when the authentication agent needs the user to authenticate as one of the identities in @identities for the action with the identifier @action_id.</para><para>Upon succesful authentication, the authentication agent must invoke the org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse() method on the #org.freedesktop.PolicyKit1.Authority interface of the PolicyKit daemon before returning.</para><para>If the user dismisses the authentication dialog, the authentication agent should return an error.</para>"/> ++ <annotation name="org.gtk.EggDBus.DocString" value="<para>Called ++ by the PolicyKit daemon when the authentication agent needs the ++ user to authenticate as one of the identities in @identities for ++ the action with the identifier @action_id.</para><para>This ++ authentication is normally achieved via the ++ polkit_agent_session_response() API, which invokes a private ++ setuid helper process to verify the authentication. When ++ successful, it calls the ++ org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2() ++ method on the #org.freedesktop.PolicyKit1.Authority interface of ++ the PolicyKit daemon before returning. If the user dismisses the ++ authentication dialog, the authentication agent should call ++ polkit_agent_session_cancel().</para>"/> + + <arg name="action_id" direction="in" type="s"> + <annotation name="org.gtk.EggDBus.DocString" value="The identifier for the action that the user is authentication for."/> +diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml +index fbfb9cd..f9021ee 100644 +--- a/data/org.freedesktop.PolicyKit1.Authority.xml ++++ b/data/org.freedesktop.PolicyKit1.Authority.xml +@@ -313,7 +313,29 @@ + </method> + + <method name="AuthenticationAgentResponse"> +- <annotation name="org.gtk.EggDBus.DocString" value="Method for authentication agents to invoke on successful authentication. This method will fail unless a sufficiently privileged caller invokes it."/> ++ <annotation name="org.gtk.EggDBus.DocString" value="Method for authentication agents to invoke on successful ++authentication, intended only for use by a privileged helper process ++internal to polkit."/> ++ ++ <arg name="cookie" direction="in" type="s"> ++ <annotation name="org.gtk.EggDBus.DocString" value="The cookie identifying the authentication request that was passed to the authentication agent."/> ++ </arg> ++ ++ <arg name="identity" direction="in" type="(sa{sv})"> ++ <annotation name="org.gtk.EggDBus.Type" value="Identity"/> ++ <annotation name="org.gtk.EggDBus.DocString" value="A #Identity struct describing what identity was authenticated."/> ++ </arg> ++ </method> ++ ++ <method name="AuthenticationAgentResponse2"> ++ <annotation name="org.gtk.EggDBus.DocString" value="Method for authentication agents to invoke on successful ++authentication, intended only for use by a privileged helper process ++internal to polkit. Note this method was added in 0.114, and should be preferred over AuthenticationAgentResponse ++as it fixes a security issue."/> ++ ++ <arg name="uid" direction="in" type="u"> ++ <annotation name="org.gtk.EggDBus.DocString" value="The real uid of the agent. Normally set by the setuid helper program."/> ++ </arg> + + <arg name="cookie" direction="in" type="s"> + <annotation name="org.gtk.EggDBus.DocString" value="The cookie identifying the authentication request that was passed to the authentication agent."/> +diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml +index 6525e25..e66bf53 100644 +--- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml ++++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml +@@ -42,6 +42,8 @@ Structure <link linkend="eggdbus-struct-TemporaryAuthorization">TemporaryAuth + IN String object_path) + <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse">AuthenticationAgentResponse</link> (IN String cookie, + IN <link linkend="eggdbus-struct-Identity">Identity</link> identity) ++<link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse">AuthenticationAgentResponse2</link> (IN uint32 uid, IN String cookie, ++ IN <link linkend="eggdbus-struct-Identity">Identity</link> identity) + <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.EnumerateTemporaryAuthorizations">EnumerateTemporaryAuthorizations</link> (IN <link linkend="eggdbus-struct-Subject">Subject</link> subject, + OUT Array<<link linkend="eggdbus-struct-TemporaryAuthorization">TemporaryAuthorization</link>> temporary_authorizations) + <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.RevokeTemporaryAuthorizations">RevokeTemporaryAuthorizations</link> (IN <link linkend="eggdbus-struct-Subject">Subject</link> subject) +@@ -777,10 +779,52 @@ AuthenticationAgentResponse (IN String cookie, + IN <link linkend="eggdbus-struct-Identity">Identity</link> identity) + </programlisting> + <para> +-Method for authentication agents to invoke on successful authentication. This method will fail unless a sufficiently privileged caller invokes it. ++Method for authentication agents to invoke on successful ++authentication, intended only for use by a privileged helper process ++internal to polkit. Deprecated in favor of AuthenticationAgentResponse2. ++ </para> ++<variablelist role="params"> ++ <varlistentry> ++ <term><literal>IN String <parameter>cookie</parameter></literal>:</term> ++ <listitem> ++ <para> ++The cookie identifying the authentication request that was passed to the authentication agent. ++ </para> ++ </listitem> ++ </varlistentry> ++ <varlistentry> ++ <term><literal>IN <link linkend="eggdbus-struct-Identity">Identity</link> <parameter>identity</parameter></literal>:</term> ++ <listitem> ++ <para> ++A <link linkend="eggdbus-struct-Identity">Identity</link> struct describing what identity was authenticated. ++ </para> ++ </listitem> ++ </varlistentry> ++</variablelist> ++ </refsect2> ++ <refsect2 role="function" id="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2"> ++ <title>AuthenticationAgentResponse2 ()</title> ++ <programlisting> ++AuthenticationAgentResponse2 (IN uint32 uid, ++ IN String cookie, ++ IN <link linkend="eggdbus-struct-Identity">Identity</link> identity) ++ </programlisting> ++ <para> ++Method for authentication agents to invoke on successful ++authentication, intended only for use by a privileged helper process ++internal to polkit. Note this method was introduced in 0.114 to fix a security issue. + </para> + <variablelist role="params"> + <varlistentry> ++ <term><literal>IN uint32 <parameter>uid</parameter></literal>:</term> ++ <listitem> ++ <para> ++The user id of the agent; normally this is the owner of the parent pid ++of the process that invoked the internal setuid helper. ++ </para> ++ </listitem> ++ </varlistentry> ++ <varlistentry> + <term><literal>IN String <parameter>cookie</parameter></literal>:</term> + <listitem> + <para> +diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml +index 150a7bc..176d2ea 100644 +--- a/docs/polkit/overview.xml ++++ b/docs/polkit/overview.xml +@@ -314,16 +314,18 @@ + <para> + Authentication agents are provided by desktop environments. When + an user session starts, the agent registers with the polkit +- Authority using +- the <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.RegisterAuthenticationAgent">RegisterAuthenticationAgent()</link> ++ Authority using the <link ++ linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.RegisterAuthenticationAgent">RegisterAuthenticationAgent()</link> + method. When services are needed, the authority will invoke +- methods on +- the <link linkend="eggdbus-interface-org.freedesktop.PolicyKit1.AuthenticationAgent">org.freedesktop.PolicyKit1.AuthenticationAgent</link> ++ methods on the <link ++ linkend="eggdbus-interface-org.freedesktop.PolicyKit1.AuthenticationAgent">org.freedesktop.PolicyKit1.AuthenticationAgent</link> + D-Bus interface. Once the user is authenticated, (a privileged +- part of) the agent invokes +- the <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse">AuthenticationAgentResponse()</link> +- method. Note that the polkit Authority itself does not care +- how the agent authenticates the user. ++ part of) the agent invokes the <link ++ linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse">AuthenticationAgentResponse()</link> ++ method. This method should be treated as an internal ++ implementation detail, and callers should use the public shared ++ library API to invoke it, which currently uses a setuid helper ++ program. + </para> + <para> + The <link linkend="ref-authentication-agent-api">libpolkit-agent-1</link> +diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c +index ab6d3cd..6bd684a 100644 +--- a/src/polkit/polkitauthority.c ++++ b/src/polkit/polkitauthority.c +@@ -1492,6 +1492,14 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority, + gpointer user_data) + { + GVariant *identity_value; ++ /* Note that in reality, this API is only accessible to root, and ++ * only called from the setuid helper `polkit-agent-helper-1`. ++ * ++ * However, because this is currently public API, we avoid ++ * triggering warnings from ABI diff type programs by just grabbing ++ * the real uid of the caller here. ++ */ ++ uid_t uid = getuid (); + + g_return_if_fail (POLKIT_IS_AUTHORITY (authority)); + g_return_if_fail (cookie != NULL); +@@ -1501,8 +1509,9 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority, + identity_value = polkit_identity_to_gvariant (identity); + g_variant_ref_sink (identity_value); + g_dbus_proxy_call (authority->proxy, +- "AuthenticationAgentResponse", +- g_variant_new ("(s@(sa{sv}))", ++ "AuthenticationAgentResponse2", ++ g_variant_new ("(us@(sa{sv}))", ++ (guint32)uid, + cookie, + identity_value), + G_DBUS_CALL_FLAGS_NONE, +diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c +index 601a974..03a4e84 100644 +--- a/src/polkitbackend/polkitbackendauthority.c ++++ b/src/polkitbackend/polkitbackendauthority.c +@@ -355,6 +355,7 @@ polkit_backend_authority_unregister_authentication_agent (PolkitBackendAuthority + gboolean + polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority, + PolkitSubject *caller, ++ uid_t uid, + const gchar *cookie, + PolkitIdentity *identity, + GError **error) +@@ -373,7 +374,7 @@ polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority + } + else + { +- return klass->authentication_agent_response (authority, caller, cookie, identity, error); ++ return klass->authentication_agent_response (authority, caller, uid, cookie, identity, error); + } + } + +@@ -587,6 +588,11 @@ static const gchar *server_introspection_data = + " <arg type='s' name='cookie' direction='in'/>" + " <arg type='(sa{sv})' name='identity' direction='in'/>" + " </method>" ++ " <method name='AuthenticationAgentResponse2'>" ++ " <arg type='u' name='uid' direction='in'/>" ++ " <arg type='s' name='cookie' direction='in'/>" ++ " <arg type='(sa{sv})' name='identity' direction='in'/>" ++ " </method>" + " <method name='EnumerateTemporaryAuthorizations'>" + " <arg type='(sa{sv})' name='subject' direction='in'/>" + " <arg type='a(ss(sa{sv})tt)' name='temporary_authorizations' direction='out'/>" +@@ -1035,6 +1041,57 @@ server_handle_authentication_agent_response (Server *server, + error = NULL; + if (!polkit_backend_authority_authentication_agent_response (server->authority, + caller, ++ (uid_t)-1, ++ cookie, ++ identity, ++ &error)) ++ { ++ g_dbus_method_invocation_return_gerror (invocation, error); ++ g_error_free (error); ++ goto out; ++ } ++ ++ g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); ++ ++ out: ++ if (identity != NULL) ++ g_object_unref (identity); ++} ++ ++static void ++server_handle_authentication_agent_response2 (Server *server, ++ GVariant *parameters, ++ PolkitSubject *caller, ++ GDBusMethodInvocation *invocation) ++{ ++ const gchar *cookie; ++ GVariant *identity_gvariant; ++ PolkitIdentity *identity; ++ GError *error; ++ guint32 uid; ++ ++ identity = NULL; ++ ++ g_variant_get (parameters, ++ "(u&s@(sa{sv}))", ++ &uid, ++ &cookie, ++ &identity_gvariant); ++ ++ error = NULL; ++ identity = polkit_identity_new_for_gvariant (identity_gvariant, &error); ++ if (identity == NULL) ++ { ++ g_prefix_error (&error, "Error getting identity: "); ++ g_dbus_method_invocation_return_gerror (invocation, error); ++ g_error_free (error); ++ goto out; ++ } ++ ++ error = NULL; ++ if (!polkit_backend_authority_authentication_agent_response (server->authority, ++ caller, ++ (uid_t)uid, + cookie, + identity, + &error)) +@@ -1222,6 +1279,8 @@ server_handle_method_call (GDBusConnection *connection, + server_handle_unregister_authentication_agent (server, parameters, caller, invocation); + else if (g_strcmp0 (method_name, "AuthenticationAgentResponse") == 0) + server_handle_authentication_agent_response (server, parameters, caller, invocation); ++ else if (g_strcmp0 (method_name, "AuthenticationAgentResponse2") == 0) ++ server_handle_authentication_agent_response2 (server, parameters, caller, invocation); + else if (g_strcmp0 (method_name, "EnumerateTemporaryAuthorizations") == 0) + server_handle_enumerate_temporary_authorizations (server, parameters, caller, invocation); + else if (g_strcmp0 (method_name, "RevokeTemporaryAuthorizations") == 0) +diff --git a/src/polkitbackend/polkitbackendauthority.h b/src/polkitbackend/polkitbackendauthority.h +index f9f7385..88df82e 100644 +--- a/src/polkitbackend/polkitbackendauthority.h ++++ b/src/polkitbackend/polkitbackendauthority.h +@@ -147,6 +147,7 @@ struct _PolkitBackendAuthorityClass + + gboolean (*authentication_agent_response) (PolkitBackendAuthority *authority, + PolkitSubject *caller, ++ uid_t uid, + const gchar *cookie, + PolkitIdentity *identity, + GError **error); +@@ -249,6 +250,7 @@ gboolean polkit_backend_authority_unregister_authentication_agent (PolkitBackend + + gboolean polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority, + PolkitSubject *caller, ++ uid_t uid, + const gchar *cookie, + PolkitIdentity *identity, + GError **error); +diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c +index 15adc6a..96725f7 100644 +--- a/src/polkitbackend/polkitbackendinteractiveauthority.c ++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c +@@ -108,8 +108,9 @@ static AuthenticationAgent *get_authentication_agent_for_subject (PolkitBackendI + PolkitSubject *subject); + + +-static AuthenticationSession *get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority, +- const gchar *cookie); ++static AuthenticationSession *get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority, ++ uid_t uid, ++ const gchar *cookie); + + static GList *get_authentication_sessions_initiated_by_system_bus_unique_name (PolkitBackendInteractiveAuthority *authority, + const gchar *system_bus_unique_name); +@@ -169,6 +170,7 @@ static gboolean polkit_backend_interactive_authority_unregister_authentication_a + + static gboolean polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority, + PolkitSubject *caller, ++ uid_t uid, + const gchar *cookie, + PolkitIdentity *identity, + GError **error); +@@ -440,6 +442,7 @@ struct AuthenticationAgent + { + volatile gint ref_count; + ++ uid_t creator_uid; + PolkitSubject *scope; + guint64 serial; + +@@ -1603,6 +1606,7 @@ authentication_agent_unref (AuthenticationAgent *agent) + static AuthenticationAgent * + authentication_agent_new (guint64 serial, + PolkitSubject *scope, ++ PolkitIdentity *creator, + const gchar *unique_system_bus_name, + const gchar *locale, + const gchar *object_path, +@@ -1611,6 +1615,10 @@ authentication_agent_new (guint64 serial, + { + AuthenticationAgent *agent; + GDBusProxy *proxy; ++ PolkitUnixUser *creator_user; ++ ++ g_assert (POLKIT_IS_UNIX_USER (creator)); ++ creator_user = POLKIT_UNIX_USER (creator); + + if (!g_variant_is_object_path (object_path)) + { +@@ -1638,6 +1646,7 @@ authentication_agent_new (guint64 serial, + agent->ref_count = 1; + agent->serial = serial; + agent->scope = g_object_ref (scope); ++ agent->creator_uid = (uid_t)polkit_unix_user_get_uid (creator_user); + agent->object_path = g_strdup (object_path); + agent->unique_system_bus_name = g_strdup (unique_system_bus_name); + agent->locale = g_strdup (locale); +@@ -1736,8 +1745,9 @@ get_authentication_agent_for_subject (PolkitBackendInteractiveAuthority *authori + } + + static AuthenticationSession * +-get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority, +- const gchar *cookie) ++get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority, ++ uid_t uid, ++ const gchar *cookie) + { + PolkitBackendInteractiveAuthorityPrivate *priv; + GHashTableIter hash_iter; +@@ -1755,6 +1765,23 @@ get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *author + { + GList *l; + ++ /* We need to ensure that if somehow we have duplicate cookies ++ * due to wrapping, that the cookie used is matched to the user ++ * who called AuthenticationAgentResponse2. See ++ * http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html ++ * ++ * Except if the legacy AuthenticationAgentResponse is invoked, ++ * we don't know the uid and hence use -1. Continue to support ++ * the old behavior for backwards compatibility, although everyone ++ * who is using our own setuid helper will automatically be updated ++ * to the new API. ++ */ ++ if (uid != (uid_t)-1) ++ { ++ if (agent->creator_uid != uid) ++ continue; ++ } ++ + for (l = agent->active_sessions; l != NULL; l = l->next) + { + AuthenticationSession *session = l->data; +@@ -2544,6 +2571,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken + priv->agent_serial++; + agent = authentication_agent_new (priv->agent_serial, + subject, ++ user_of_caller, + polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), + locale, + object_path, +@@ -2757,6 +2785,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack + static gboolean + polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority, + PolkitSubject *caller, ++ uid_t uid, + const gchar *cookie, + PolkitIdentity *identity, + GError **error) +@@ -2799,7 +2828,7 @@ polkit_backend_interactive_authority_authentication_agent_response (PolkitBacken + } + + /* find the authentication session */ +- session = get_authentication_session_for_cookie (interactive_authority, cookie); ++ session = get_authentication_session_for_uid_and_cookie (interactive_authority, uid, cookie); + if (session == NULL) + { + g_set_error (error, +-- +cgit v0.10.2 + +--- ./configure.ac.orig ++++ ./configure.ac +@@ -122,7 +122,7 @@ + changequote([,])dnl + fi + +-PKG_CHECK_MODULES(GLIB, [gio-2.0 >= 2.28.0]) ++PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 gio-2.0 >= 2.30.0]) + AC_SUBST(GLIB_CFLAGS) + AC_SUBST(GLIB_LIBS) + diff --git a/system/polkit/automake.patch b/system/polkit/automake.patch new file mode 100644 index 000000000..0f6825a26 --- /dev/null +++ b/system/polkit/automake.patch @@ -0,0 +1,19 @@ +--- ./configure.ac.orig 2012-12-31 21:39:08.969445979 +0000 ++++ ./configure.ac 2012-12-31 21:39:30.136285425 +0000 +@@ -3,7 +3,7 @@ + AC_PREREQ(2.59c) + AC_INIT(polkit, 0.105, http://lists.freedesktop.org/mailman/listinfo/polkit-devel) + AM_INIT_AUTOMAKE(polkit, 0.105) +-AM_CONFIG_HEADER(config.h) ++AC_CONFIG_HEADER(config.h) + AM_MAINTAINER_MODE + + m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) +@@ -24,7 +24,6 @@ + + AC_ISC_POSIX + AC_PROG_CC +-AM_PROG_CC_STDC + AC_HEADER_STDC + AM_PROG_LIBTOOL + AC_PROG_MAKE_SET diff --git a/system/polkit/disable-ck-test.patch b/system/polkit/disable-ck-test.patch new file mode 100644 index 000000000..e1987d40d --- /dev/null +++ b/system/polkit/disable-ck-test.patch @@ -0,0 +1,15 @@ +This test requires ConsoleKit to be running. + +--- polkit-0.105/test/polkitbackend/Makefile.am.old 2012-04-24 11:05:34.000000000 -0500 ++++ polkit-0.105/test/polkitbackend/Makefile.am 2017-09-27 20:48:42.479959296 -0500 +@@ -36,8 +36,8 @@ + TEST_PROGS += polkitbackendlocalauthorizationstoretest + polkitbackendlocalauthorizationstoretest_SOURCES = polkitbackendlocalauthorizationstoretest.c + +-TEST_PROGS += polkitbackendlocalauthoritytest +-polkitbackendlocalauthoritytest_SOURCES = polkitbackendlocalauthoritytest.c ++#TEST_PROGS += polkitbackendlocalauthoritytest ++#polkitbackendlocalauthoritytest_SOURCES = polkitbackendlocalauthoritytest.c + + # ---------------------------------------------------------------------------------------------------- + diff --git a/system/polkit/fix-consolekit-db-stat.patch b/system/polkit/fix-consolekit-db-stat.patch new file mode 100644 index 000000000..3deceb639 --- /dev/null +++ b/system/polkit/fix-consolekit-db-stat.patch @@ -0,0 +1,30 @@ +--- polkit-0.105.orig/src/polkitbackend/polkitbackendsessionmonitor.c 2012-04-24 19:05:34.000000000 +0300 ++++ polkit-0.105/src/polkitbackend/polkitbackendsessionmonitor.c 2015-08-17 14:50:51.428580856 +0300 +@@ -47,7 +47,7 @@ struct _PolkitBackendSessionMonitor + + GKeyFile *database; + GFileMonitor *database_monitor; +- time_t database_mtime; ++ struct timespec database_mtim; + }; + + struct _PolkitBackendSessionMonitorClass +@@ -95,7 +95,7 @@ reload_database (PolkitBackendSessionMon + goto out; + } + +- monitor->database_mtime = statbuf.st_mtime; ++ monitor->database_mtim = statbuf.st_mtim; + + monitor->database = g_key_file_new (); + if (!g_key_file_load_from_file (monitor->database, +@@ -131,7 +131,8 @@ ensure_database (PolkitBackendSessionMon + strerror (errno)); + goto out; + } +- if (statbuf.st_mtime == monitor->database_mtime) ++ if (statbuf.st_mtim.tv_sec == monitor->database_mtim.tv_sec && ++ statbuf.st_mtim.tv_nsec == monitor->database_mtim.tv_nsec) + { + ret = TRUE; + goto out; diff --git a/system/polkit/fix-parallel-make.patch b/system/polkit/fix-parallel-make.patch new file mode 100644 index 000000000..b693a34dd --- /dev/null +++ b/system/polkit/fix-parallel-make.patch @@ -0,0 +1,40 @@ +From 7bd30764a5230684c7c979a08a83dfa6e327f719 Mon Sep 17 00:00:00 2001 +From: Ryan Lortie <desrt@velocity.(none)> +Date: Tue, 13 Nov 2012 16:50:14 +0000 +Subject: build: Fix .gir generation for parallel make + +As per the intructions in the introspection Makefile, we should have a +line declaring a dependency between the .gir and .la files. + +https://bugs.freedesktop.org/show_bug.cgi?id=57077 + +Signed-off-by: David Zeuthen <zeuthen@gmail.com> +--- +diff --git a/src/polkit/Makefile.am b/src/polkit/Makefile.am +index 39d6d84..d648d29 100644 +--- a/src/polkit/Makefile.am ++++ b/src/polkit/Makefile.am +@@ -106,6 +106,8 @@ if HAVE_INTROSPECTION + + INTROSPECTION_GIRS = Polkit-1.0.gir + ++Polkit-1.0.gir: libpolkit-gobject-1.la ++ + girdir = $(INTROSPECTION_GIRDIR) + gir_DATA = Polkit-1.0.gir + +diff --git a/src/polkitagent/Makefile.am b/src/polkitagent/Makefile.am +index 1cfb73c..5b7d4c7 100644 +--- a/src/polkitagent/Makefile.am ++++ b/src/polkitagent/Makefile.am +@@ -108,6 +108,8 @@ if HAVE_INTROSPECTION + girdir = $(INTROSPECTION_GIRDIR) + gir_DATA = PolkitAgent-1.0.gir + ++PolkitAgent-1.0.gir: libpolkit-agent-1.la ++ + typelibsdir = $(INTROSPECTION_TYPELIBDIR) + typelibs_DATA = PolkitAgent-1.0.typelib + +-- +cgit v0.9.0.2-2-gbebe diff --git a/system/polkit/fix-test-fgetpwent.patch b/system/polkit/fix-test-fgetpwent.patch new file mode 100644 index 000000000..7bc6481cc --- /dev/null +++ b/system/polkit/fix-test-fgetpwent.patch @@ -0,0 +1,20 @@ +--- polkit-0.105/test/mocklibc/src/pwd.c.old 2012-04-24 11:05:34.000000000 -0500 ++++ polkit-0.105/test/mocklibc/src/pwd.c 2017-09-27 19:40:57.883227673 -0500 +@@ -16,6 +16,7 @@ + * Author: Nikki VonHollen <vonhollen@gmail.com> + */ + ++#define _GNU_SOURCE + #include <pwd.h> + + #include <stdio.h> +--- polkit-0.105/test/mocklibc/src/grp.c.old 2012-04-24 11:05:34.000000000 -0500 ++++ polkit-0.105/test/mocklibc/src/grp.c 2017-09-27 19:44:57.759238450 -0500 +@@ -16,6 +16,7 @@ + * Author: Nikki VonHollen <vonhollen@gmail.com> + */ + ++#define _GNU_SOURCE + #include <grp.h> + + #include <stdio.h> diff --git a/system/procps/APKBUILD b/system/procps/APKBUILD new file mode 100644 index 000000000..9f52de53f --- /dev/null +++ b/system/procps/APKBUILD @@ -0,0 +1,73 @@ +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=procps +pkgver=3.3.12 +pkgrel=4 +pkgdesc="Utilities for monitoring your system and processes on your system" +url="https://gitlab.com/procps-ng/procps" +arch="all" +license="GPL LGPL" +makedepends="ncurses-dev gettext-dev autoconf automake libtool" +checkdepends="dejagnu" +subpackages="$pkgname-dev $pkgname-doc libproc" +source="$pkgname-$pkgver.tar.gz::https://gitlab.com/procps-ng/$pkgname/repository/archive.tar.gz?ref=v$pkgver + strtod.patch" +builddir="$srcdir/$pkgname-v$pkgver" + +prepare() { + # NOTE: Name of the tarball's top-level directory contains SHA1. + ln -fs $pkgname-v$pkgver-* "$builddir" + + default_prepare + + cd "$builddir" + ./autogen.sh +} + +build() { + cd "$builddir" + + export LIBS="$LIBS -lintl" + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/ \ + --bindir=/bin \ + --sbindir=/sbin \ + --libdir=/lib \ + --mandir=/usr/share/man \ + --sysconfdir=/etc \ + --docdir=/usr/share/doc \ + --disable-static \ + --disable-rpath \ + --with-ncurses + make +} + +check() { + cd "$builddir" + make check +} + +package() { + cd "$builddir" + + make DESTDIR="$pkgdir" ldconfig=true install="install -D" \ + install + + # These binaries are identical. + ln -sf pgrep "$pkgdir"/bin/pkill + + install -d "$pkgdir"/usr/lib + mv "$pkgdir"/include "$pkgdir"/usr/ \ + && mv "$pkgdir"/lib/pkgconfig "$pkgdir"/usr/lib/ +} + +libproc() { + pkgdesc="Library for monitoring system and processes" + + install -d "$subpkgdir"/ + mv "$pkgdir"/lib "$subpkgdir"/ +} + +sha512sums="a4400b9e13f8e9ec1c527a0e9e2e5580b6d007cae0f961b2a82c2924e4922232cee7a8be77badb45d608383758476da0260460d8e0801a5e88ced7cc6b8c10cc procps-3.3.12.tar.gz +93449c3b431a40d9fbfe8a5681cbd3696a984565b99d6105cf988ae571beda0c815104a3a13bf6d20289705e4063b0a61d2658c422293095e3eb78c29c41053b strtod.patch" diff --git a/system/procps/strtod.patch b/system/procps/strtod.patch new file mode 100644 index 000000000..9cc974b1b --- /dev/null +++ b/system/procps/strtod.patch @@ -0,0 +1,115 @@ +From 4ed44ab58e27a9a09902b9c5b49df484842b6c9a Mon Sep 17 00:00:00 2001 +From: Dr. Werner Fink <werner@suse.de> +Date: Wed, 13 Jul 2016 20:08:51 +1000 +Subject: [PATCH] misc: fix strtod_nol_err tests + +A better way of implementing the string to double +conversion and a better way of testing it. + +Signed-off-by: Craig Small <csmall@enc.com.au> +--- + include/strutils.h | 2 +- + lib/strutils.c | 22 ++++++++++++---------- + lib/test_strtod_nol.c | 7 ++++--- + 4 files changed, 20 insertions(+), 18 deletions(-) + +diff --git a/include/strutils.h b/include/strutils.h +index 85a6192..a5a15c9 100644 +--- a/include/strutils.h ++++ b/include/strutils.h +@@ -7,6 +7,6 @@ + + extern long strtol_or_err(const char *str, const char *errmesg); + extern double strtod_or_err(const char *str, const char *errmesg); +-double strtod_nol_or_err(char *str, const char *errmesg); ++extern double strtod_nol_or_err(char *str, const char *errmesg); + + #endif +diff --git a/lib/strutils.c b/lib/strutils.c +index e5245db..e0632c4 100644 +--- a/lib/strutils.c ++++ b/lib/strutils.c +@@ -20,6 +20,8 @@ + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ + ++#include <float.h> ++#include <math.h> + #include <stdlib.h> + #include <ctype.h> + +@@ -71,9 +73,9 @@ double strtod_or_err(const char *str, const char *errmesg) + */ + double strtod_nol_or_err(char *str, const char *errmesg) + { +- double num; ++ long double num; + const char *cp, *radix; +- double mult; ++ long double mult; + int negative = 0; + + if (str != NULL && *str != '\0') { +@@ -95,29 +97,29 @@ double strtod_nol_or_err(char *str, const char *errmesg) + mult=0.1; + while(isdigit(*radix)) { + radix++; +- mult *= 10; ++ mult *= 10.0; + } + while(isdigit(*cp)) { +- num += (*cp - '0') * mult; +- mult /= 10; ++ num += (long double)(*cp - '0') * mult; ++ mult /= 10.0; + cp++; + } + /* got the integers */ + if (*cp == '\0') +- return (negative?-num:num); ++ return (double)(negative?-num:num); + if (*cp != '.' && *cp != ',') + error(EXIT_FAILURE, EINVAL, "%s: '%s'", errmesg, str); + + cp++; + mult = 0.1; + while(isdigit(*cp)) { +- num += (*cp - '0') * mult; +- mult /= 10; ++ num += (long double)(*cp - '0') * mult; ++ mult /= 10.0; + cp++; + } + if (*cp == '\0') +- return (negative?-num:num); ++ return (double)(negative?-num:num); + } + error(EXIT_FAILURE, errno, "%s: '%s'", errmesg, str); +- return 0; ++ return (double)0; + } +diff --git a/lib/test_strtod_nol.c b/lib/test_strtod_nol.c +index 0be798c..736768a 100644 +--- a/lib/test_strtod_nol.c ++++ b/lib/test_strtod_nol.c +@@ -1,4 +1,5 @@ +- ++#include <float.h> ++#include <math.h> + #include <stdio.h> + #include <stdlib.h> + #include "strutils.h" +@@ -33,8 +34,8 @@ int main(int argc, char *argv[]) + double val; + + for(i=0; tests[i].string != NULL; i++) { +- if(strtod_nol_or_err(tests[i].string, "Cannot parse number") != +- tests[i].result) { ++ val = strtod_nol_or_err(tests[i].string, "Cannot parse number"); ++ if(fabs(tests[i].result - val) > DBL_EPSILON) { + fprintf(stderr, "FAIL: strtod_nol_or_err(\"%s\") != %f\n", + tests[i].string, tests[i].result); + return EXIT_FAILURE; +-- +libgit2 0.26.0 + diff --git a/system/sudo/APKBUILD b/system/sudo/APKBUILD new file mode 100644 index 000000000..8a9bc25c1 --- /dev/null +++ b/system/sudo/APKBUILD @@ -0,0 +1,67 @@ +# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net> +# Contributor: Łukasz Jendrysik <scadu@yandex.com> +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=sudo +pkgver=1.8.21_p2 +if [ "${pkgver%_*}" != "$pkgver" ]; then + _realver=${pkgver%_*}${pkgver#*_} +else + _realver=$pkgver +fi +pkgrel=1 +pkgdesc="Give certain users the ability to run some commands as root" +url="http://www.sudo.ws/sudo/" +arch="all" +license="custom ISC" +makedepends_host="linux-pam-dev zlib-dev" +makedepends_build="bash" +makedepends="$makedepends_host $makedepends_build" +depends= +subpackages="$pkgname-doc $pkgname-dev" +source="https://www.sudo.ws/dist/sudo-${_realver}.tar.gz + fix-cross-compile.patch + libcrypt.patch + musl-fix-headers.patch + " +options="suid" + +# secfixes: +# 1.8.20_p2-r0: +# - CVE-2017-1000368 + +builddir="$srcdir"/$pkgname-$_realver +build() { + cd "$builddir" + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --libexecdir=/usr/lib \ + --mandir=/usr/share/man \ + --disable-nls \ + --enable-pie \ + --with-env-editor \ + --with-pam \ + --without-skey \ + --with-passprompt="[sudo] password for %p: " + make +} + +check() { + cd "$builddir" + make check +} + +package() { + cd "$builddir" + # the sudo's mkinstalldir script miscreates the leading + # path components with bad permissions. fix this. + install -d -m0755 "$pkgdir"/var "$pkgdir"/var/db + make -j1 DESTDIR="$pkgdir" install + rm -rf "$pkgdir"/var/run +} + +sha512sums="f04bbff54ad74ba73c078e15c75d2f41332d4912078ed66157ba7346b7fff914bd0747460cb4cd0c472af2d3b344fa72f5c62c95169df68a9cac74d7245c720c sudo-1.8.21p2.tar.gz +f0f462f40502da2194310fe4a72ec1a16ba40f95a821ba9aa6aabaa423d28c4ab26b684afa7fb81c2407cf60de9327bdab01de51b878c5d4de49b0d62645f53c fix-cross-compile.patch +5ad20254aa587ef615f794081ecd55344eada5cf8c1a1d7956cc3f73375554716c483eeb74081da9a8501afce92cfbaf2abe59d1067aac67ce6e4874eb5a23e1 libcrypt.patch +113416fed7532c6092687c8bdd9913d04888d2f0a32e4333dd27a6b3d39145717ad5c3b3f05ba11bd6462612a9a013d446d254d50b2b651c33eeebe670f41ab5 musl-fix-headers.patch" diff --git a/system/sudo/fix-cross-compile.patch b/system/sudo/fix-cross-compile.patch new file mode 100644 index 000000000..d2fc97cca --- /dev/null +++ b/system/sudo/fix-cross-compile.patch @@ -0,0 +1,15 @@ +--- ./lib/util/Makefile.in.orig ++++ ./lib/util/Makefile.in +@@ -160,10 +160,10 @@ + ./mksigname > $@ + + mksiglist: $(srcdir)/mksiglist.c $(srcdir)/mksiglist.h $(incdir)/sudo_compat.h $(top_builddir)/config.h +- $(CC) $(CPPFLAGS) $(CFLAGS) $(srcdir)/mksiglist.c -o $@ ++ $${HOSTCC:-gcc} $(CPPFLAGS) $(CFLAGS) $(srcdir)/mksiglist.c -o $@ + + mksigname: $(srcdir)/mksigname.c $(srcdir)/mksigname.h $(incdir)/sudo_compat.h $(top_builddir)/config.h +- $(CC) $(CPPFLAGS) $(CFLAGS) $(srcdir)/mksigname.c -o $@ ++ $${HOSTCC:-gcc} $(CPPFLAGS) $(CFLAGS) $(srcdir)/mksigname.c -o $@ + + $(srcdir)/mksiglist.h: $(srcdir)/siglist.in + @if [ -n "$(DEVEL)" ]; then \ diff --git a/system/sudo/libcrypt.patch b/system/sudo/libcrypt.patch new file mode 100644 index 000000000..e83b69113 --- /dev/null +++ b/system/sudo/libcrypt.patch @@ -0,0 +1,11 @@ +--- ./plugins/sudoers/Makefile.in.orig ++++ ./plugins/sudoers/Makefile.in +@@ -52,7 +52,7 @@ + LT_LIBS = $(top_builddir)/lib/util/libsudo_util.la + LIBS = $(LT_LIBS) @LIBINTL@ + NET_LIBS = @NET_LIBS@ +-SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS) @ZLIB@ @LIBMD@ ++SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS) @ZLIB@ @LIBMD@ -lcrypt + REPLAY_LIBS = @REPLAY_LIBS@ @ZLIB@ + VISUDO_LIBS = $(NET_LIBS) @LIBMD@ + TESTSUDOERS_LIBS = $(NET_LIBS) @LIBMD@ diff --git a/system/sudo/musl-fix-headers.patch b/system/sudo/musl-fix-headers.patch new file mode 100644 index 000000000..18a19b75d --- /dev/null +++ b/system/sudo/musl-fix-headers.patch @@ -0,0 +1,10 @@ +--- ./include/sudo_compat.h.orig ++++ ./include/sudo_compat.h +@@ -25,6 +25,7 @@ + #include <stdio.h> + #include <stdarg.h> + #include <stddef.h> /* for rsize_t */ ++#include <sys/types.h> /* for id_t */ + + /* + * Macros and functions that may be missing on some operating systems. diff --git a/system/syslinux/APKBUILD b/system/syslinux/APKBUILD new file mode 100644 index 000000000..25e7cb252 --- /dev/null +++ b/system/syslinux/APKBUILD @@ -0,0 +1,60 @@ +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=syslinux +pkgver=6.04_pre1 +pkgrel=2 +_ver=${pkgver/_/-} +pkgdesc="Boot loader for the Linux operating system" +url="http://syslinux.org" +arch="x86 x86_64" +license="GPL" +makedepends="linux-headers nasm perl util-linux-dev gnu-efi-dev" +depends="mtools blkid mawk" +triggers="syslinux.trigger=/boot" +install="syslinux.post-upgrade" +options="!check textrels" # does not ship tests in tarball +ldpath="/usr/share/syslinux" + +source="https://www.kernel.org/pub/linux/utils/boot/syslinux/Testing/${pkgver%_pre*}/syslinux-$_ver.tar.xz + update-extlinux.conf + update-extlinux + " +subpackages="$pkgname-doc $pkgname-dev" + +_loaderarch= +case "$CARCH" in +x86) _loaderarch=efi32;; +x86_64) _loaderarch=efi64;; +esac + +builddir="$srcdir"/$pkgname-$_ver +prepare() { + cd "$builddir" + for i in $source; do + i=${i%%::*} + case "$i" in + *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; + esac + done +} + +build() { + cd "$builddir" + unset LDFLAGS + make $_loaderarch installer || return 1 +} + +package() { + cd "$builddir" + make -j1 INSTALLROOT="$pkgdir" MANDIR=/usr/share/man \ + bios $_loaderarch install || return 1 + + mkdir -p "$pkgdir"/etc/update-extlinux.d + cp "$srcdir"/update-extlinux.conf "$pkgdir"/etc/ + sed "/^version=/s/=.*/=$pkgver-r$pkgrel/" "$srcdir"/update-extlinux \ + > "$pkgdir"/sbin/update-extlinux + chmod 755 "$pkgdir"/sbin/update-extlinux +} + +sha512sums="7927dd39be8e2dcf4138a6fea33def67d19d938379d694f15b48fdd2f5924c028b7a9e7bd71d0c7c6630c203e9e2a54296628e530632ad5e6f55b1ebefe8fc98 syslinux-6.04-pre1.tar.xz +9071be450e543597f6f95b9a5811869c5351a71f4c42f7879b9f7ec1b13e2e4d455e9f2900e3897d5e5870bd87c934b7168328186c5f17631f2b09a524e10a1a update-extlinux.conf +23fd69b5f42af063744289f64e60eddd0fa35db83d988b24635e6eb47b5c8fada8585c9aea60f398cfc1e5be8565230a81192d71df705368a90e0927f35fb60d update-extlinux" diff --git a/system/syslinux/syslinux.post-upgrade b/system/syslinux/syslinux.post-upgrade new file mode 100644 index 000000000..90388668d --- /dev/null +++ b/system/syslinux/syslinux.post-upgrade @@ -0,0 +1,61 @@ +#!/bin/sh + +# find given append opt +get_append_opt() { + awk -v search="$1" ' + $1 == "append" || $1 == "APPEND" { + split($0, a); + for (i in a) { + if (index(a[i], search) == 1) { + print a[i]; + } + } + }' /boot/extlinux.conf | sort | uniq +} + +# print default kernel options +get_default_opts() { + awk ' + $1 == "append" || $1 == "APPEND" { + opts=""; + space=""; + split($0, a); + for (i in a) { + if (i != 1 \ + && (index(a[i], "root=") != 1) \ + && (index(a[i], "initrd=") != 1) \ + && (index(a[i], "modules=") != 1)) { + opts = opts space a[i]; + space = " "; + } + } + print opts; + } + ' /boot/extlinux.conf | sort | uniq +} + +if ! [ -f /boot/extlinux.conf ]; then + exit 0 +fi + +# check if we already have a generated extlinux.conf +if grep -q '^# Generated by update-extlinux' /boot/extlinux.conf; then + exit 0 +fi + +# try fish out the kernel opts from extlinuix.conf's append line +root=$(get_append_opt 'root=' | head -n 1) +modules=$(get_append_opt 'modules=' | head -n 1) +opts=$(get_default_opts | head -n 1) + +# populate update-extlinux.conf with the info we know +if [ -n "$root" ]; then + sed -i -e "/^root=/s|.*|$root|g" /etc/update-extlinux.conf +fi +if [ -n "$modules" ]; then + sed -i -e "/^modules=/s|.*|$modules|g" /etc/update-extlinux.conf +fi +if [ -n "$opts" ]; then + sed -i -e "/^default_kernel_opts=/s|.*|default_kernel_opts=\"$opts\"|g" /etc/update-extlinux.conf +fi + diff --git a/system/syslinux/syslinux.trigger b/system/syslinux/syslinux.trigger new file mode 100644 index 000000000..fe91f4379 --- /dev/null +++ b/system/syslinux/syslinux.trigger @@ -0,0 +1,3 @@ +#!/bin/sh + +update-extlinux --warn-only diff --git a/system/syslinux/update-extlinux b/system/syslinux/update-extlinux new file mode 100755 index 000000000..b0d8d97f7 --- /dev/null +++ b/system/syslinux/update-extlinux @@ -0,0 +1,252 @@ +#!/bin/sh + +version= +default=0 +timeout=5 +verbose=0 + +conf=/boot/extlinux.conf +myconf=/etc/update-extlinux.conf + +# read in extlinux settings +if [ -f "$myconf" ]; then + . $myconf +fi + +everbose() { + if [ "$verbose" = "0" ]; then + return + fi + + echo $* +} + +ewarn() { + echo "WARNING:" $@ >&2 +} + +eerror() { + echo "ERROR:" $@ >&2 + return 1 +} + +usage() { + echo "usage: $0 [-v|--verbose] [--warn-only]" +} + +while [ $# -gt 0 ]; do + opt="$1" + shift + case "$opt" in + -v|--verbose) + verbose=1 + ;; + --warn-only) + warn_only=1 + ;; + --) + break + ;; + -*) + usage + exit 1 + ;; + esac +done + +everbose "Updating extlinux configuration." + +if [ "x$root" = "x" ]; then + ewarn "Root device is not specified in $myconf." + blkid_export=$(blkid -o export /dev/root) + if [ -n "$blkid_export" ]; then + export $blkid_export + fi + if [ -z "$UUID" ]; then + # try parse /proc/mount for mounted / + dev=$(awk '$2 == "/" {dev=$1} END {print dev}' /proc/mounts) + if [ -n "$dev" ]; then + blkid_export=$(blkid -o export $dev) + if [ -n "$blkid_export" ]; then + export "$blkid_export" + fi + fi + fi + if [ -z "$UUID" ]; then + if [ -z "$dev" ]; then + if [ -n "$warn_only" ]; then + ewarn "Failed to detect root device. extlinux.conf is not updated" + exit 0 + else + eerror "Failed to detect root device" + exit 1 + fi + else + root=$dev + fi + else + root=UUID=$UUID + fi + everbose "Root device is: $root" +fi + +rtimeout=$(( ${timeout} * 10 )) +syslinux_menu=menu.c32 +menu_hidden= + +# vesa menu has been requested? +if [ "$vesa_menu" = "1" ]; then + syslinux_menu=vesamenu.c32 +fi + +umask 0022 +rm -f $conf.new +echo "# Generated by update-extlinux $version" > $conf.new +if [ -n "$serial_port" ]; then + echo "SERIAL $serial_port ${serial_baud:-115200}" >> $conf.new +fi +echo "DEFAULT $syslinux_menu" >> $conf.new +echo "PROMPT 0" >> $conf.new +echo "MENU TITLE Addelie $(uname -s) Boot Menu" >> $conf.new +if [ "$hidden" = "1" ]; then + echo "MENU HIDDEN" >> $conf.new +fi +echo "MENU AUTOBOOT Adelie will be booted automatically in # seconds." >> $conf.new +echo "TIMEOUT $rtimeout" >> $conf.new + +lst=0 +if [ -f "/boot/xen.gz" ]; then + for kernel in $(find /boot -name "vmlinuz-*" -type f); do + tag=$(basename $kernel | cut -b9-) + everbose "Found Xen hypervisor: /boot/xen.gz, kernel: $kernel" + + if [ -f "/boot/initramfs-$tag" ]; then + everbose "Found initramfs: /boot/initramfs-$tag" + initramfs="initramfs-$tag" + else + initramfs= + fi + label=xen-$(grep -w -l $tag /usr/share/kernel/*/kernel.release \ + | cut -d/ -f5) + if [ "$label" = "xen-" ]; then + label=xen-$lst + fi + + echo "LABEL $label" >> $conf.new + if [ "$label" = "$default" ]; then + echo " MENU DEFAULT" >> $conf.new + fi + echo " MENU LABEL Xen + Linux $tag" >> $conf.new + echo " COM32 mboot.c32" >> $conf.new + echo " APPEND xen.gz $xen_opts --- $(basename $kernel) root=$root modules=${modules}${TYPE:+,$TYPE} $default_kernel_opts --- $initramfs" >> $conf.new + echo "" >> $conf.new + lst=$(($lst + 1)) + done +fi + +for kernel in $(find /boot -name "vmlinuz*" -type f); do + case $kernel in + *vmlinuz) tag=vanilla;; + *vmlinuz-*) tag=$(basename $kernel | cut -b9-);; + *) continue;; + esac + everbose "Found kernel: $kernel" + label=$(grep -w -l $tag /usr/share/kernel/*/kernel.release | cut -d/ -f5) + if [ -z "$label" ]; then + if [ "$tag" = vanilla ]; then + label="vanilla" + else + label=$lst + fi + fi + echo "LABEL $label" >> $conf.new + if [ "$label" = "$default" ]; then + echo " MENU DEFAULT" >> $conf.new + fi + echo " MENU LABEL Linux $tag" >> $conf.new + echo " LINUX $(basename $kernel)" >> $conf.new + if [ -f "/boot/initramfs-$tag" ]; then + everbose "Found initramfs: /boot/initramfs-$tag" + echo " INITRD initramfs-$tag" >> $conf.new + fi + echo " APPEND root=$root modules=${modules}${TYPE:+,$TYPE} $default_kernel_opts" >> $conf.new + echo "" >> $conf.new + lst=$(($lst + 1)) +done + +if [ -n "$password" ]; then + echo "NOESCAPE 1" >> $conf.new + echo "MENU MASTER PASSWD $password" >> $conf.new + echo "" >> $conf.new + chmod o-r $conf.new +fi + +everbose "$lst entries found." + +for entry in /etc/update-extlinux.d/*; do + [ -f "$entry" ] && { cat $entry; echo ""; } >> $conf.new +done + +echo "MENU SEPARATOR" >> $conf.new +echo "" >> $conf.new + +if [ -f "/boot/hdt.c32" ]; then + everbose "Found Hardware Detection Tool: /boot/hdt.c32" + echo "LABEL hdt" >> $conf.new + echo " MENU LABEL Hardware info" >> $conf.new + if [ -n "$password" ]; then + echo " MENU PASSWD" >> $conf.new + fi + echo " COM32 hdt.c32" >> $conf.new + if [ -f "/boot/memtest" ]; then + everbose "Found memtest86+: /boot/memtest" + echo " APPEND memtest=memtest" >> $conf.new + fi + echo "" >> $conf.new +elif [ -f "/boot/memtest" ]; then + everbose "Found memtest86+: /boot/memtest" + echo "LABEL memtest" >> $conf.new + echo " MENU LABEL Memtest86+" >> $conf.new + echo " KERNEL memtest" >> $conf.new + echo "" >> $conf.new +fi + +for i in reboot poweroff; do + [ -f "/boot/$i.c32" ] || continue + everbose "Found $i" + # make first char capital + cap=$( echo $i | awk '{sub(".", substr(toupper($0),1,1), $0); print}' ) + echo "LABEL $i" >> $conf.new + echo " MENU LABEL $cap" >> $conf.new + echo " COM32 $i.c32" >> $conf.new + echo "" >> $conf.new +done + +if cmp -s $conf.new $conf; then + everbose "Configuration unchanged." + rm $conf.new +fi + +if [ "$overwrite" != "1" ]; then + exit 0 +elif [ -f "$conf.new" ]; then + # keep a backup just in case + if [ -f "$conf" ]; then + mv $conf $conf.old + fi + + mv $conf.new $conf +fi + +everbose "Installing libutil.c32 libcom32.c32 mboot.c32 menu.c32 vesamenu.c32 to /boot." +cp /usr/share/syslinux/libutil.c32 \ + /usr/share/syslinux/libcom32.c32 \ + /usr/share/syslinux/mboot.c32 \ + /usr/share/syslinux/menu.c32 \ + /usr/share/syslinux/vesamenu.c32 \ + /boot + +case "$(stat -f -c '%T' /boot)" in +ext*) extlinux --update /boot || [ -n "$warn_only" ];; +esac + diff --git a/system/syslinux/update-extlinux.conf b/system/syslinux/update-extlinux.conf new file mode 100644 index 000000000..39598cb99 --- /dev/null +++ b/system/syslinux/update-extlinux.conf @@ -0,0 +1,75 @@ +# configuration for extlinux config builder + +# overwrite +# Overwrite current /boot/extlinux.conf. If this is not '1' we will only +# write to /boot/extlinux.conf.new +overwrite=1 + +# vesa_menu +# use fancy vesa menu (vesamenu.c32) menus, won't work with serial +vesa_menu=1 + +# default_kernel_opts +# default kernel options +default_kernel_opts=ro + +# modules +# modules which should be loaded before pivot_root +modules= +#sd-mod,usb-storage,ext3 + +# root +# root device - if not specified, will be guessed using +# blkid -o export /dev/root +root= + +# verbose +# if set to non-zero, update-extlinux will be a lot more verbose. +verbose=0 + +# hidden +# if set to non-zero, the boot menu will be hidden by default. +hidden=0 + +# timeout +# number of seconds to wait before booting default +timeout=5 + +# default +# default kernel to boot +default=vanilla + +# serial_port +# serial port number - if not specified, serial console will be disabled +serial_port= + +# serial_baud +# the baudrate for the serial port. Will use 115200 if unset +serial_baud=115200 + +# xen_opts +# options to hand to xen hypervisor, useful ones are: +# dom0_mem=256M (give domain-0 environment 256M ram) +xen_opts=dom0_mem=256M + +# if you copy /usr/share/syslinux/reboot.c32 to /boot/, a menu entry +# will be auto-generated for it + +# if you copy hdt.c32, libgpl.c32, and libmenu.c32 from /usr/share/syslinux/ +# to /boot/, a menu entry will be auto-generated for HDT + +# if you download and install /boot/memtest, then if HDT is present it +# will use it, else a separate menu entry will be auto-generated for +# memtest + +# optional password +# you can generate a SHA512 password using: mkpasswd +# +# if you assign a password, you should make this file world-unreadable +# +# if a password is assigned, the menu entries can't be edited at boot +# time, and HDT if present is password-protected +# +# you can also include "MENU PASSWD" in any custom entries you have in +# /etc/update-extlinux.d/ +password='' diff --git a/system/vim/APKBUILD b/system/vim/APKBUILD new file mode 100644 index 000000000..df46d4b5d --- /dev/null +++ b/system/vim/APKBUILD @@ -0,0 +1,68 @@ +# Contributor: Sergei Lukin <sergej.lukin@gmail.com> +# Contributor: Łukasz Jendrysik <scadu@yandex.com> +# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net> +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=vim +pkgver=8.0.1240 +pkgrel=0 +pkgdesc="advanced text editor" +url="http://www.vim.org" +arch="all" +license="custom" +depends="" +options="!check" # requires controlling TTY, and fails with musl locales +makedepends="acl-dev ncurses-dev perl-dev python3-dev" +subpackages="$pkgname-doc ${pkgname}diff::noarch" +source="$pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/v$pkgver.tar.gz + vimrc + " +builddir="$srcdir/$pkgname-$pkgver" + +# secfixes: +# 8.0.0329-r0: +# - CVE-2017-5953 +# 8.0.0056-r0: +# - CVE-2016-1248 + +prepare() { + cd "$builddir" + # Read vimrc from /etc/vim + echo '#define SYS_VIMRC_FILE "/etc/vim/vimrc"' >> src/feature.h +} + +build() { + cd "$builddir" + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --enable-perlinterp \ + --enable-python3interp=dynamic \ + --without-x \ + --enable-acl \ + --enable-nls \ + --enable-multibyte \ + --enable-gui=no \ + --with-compiledby="Adélie Linux" + make +} + +package() { + cd "$builddir" + make -j1 DESTDIR="$pkgdir/" install + + install -Dm644 runtime/doc/uganda.txt \ + "$pkgdir/usr/share/licenses/$pkgname/LICENSE" + install -Dm644 "$srcdir"/vimrc "$pkgdir"/etc/vim/vimrc +} + +vimdiff() { + pkgdesc="view file diffs in vim" + depends="diffutils" + + install -d "$subpkgdir"/usr/bin + mv "$pkgdir"/usr/bin/vimdiff "$subpkgdir"/usr/bin +} + +sha512sums="12f213b9fa61294359e5376605d4d7cd4a329fcfd1b3bcdbf3c9e4c4baf6bf0cc013a7670a173d84e0ef6a210705ddba8fc39a8222744b3779d6493d92c99d29 vim-8.0.1240.tar.gz +95d4ad2e86c4490814fa6047c9d2d57a8acffb6c286a81483faac44d0648874dc9669fee7d29ce98612f5ab8afe68480c29e4128a7aa7f99465dd8de298145c3 vimrc" diff --git a/system/vim/vimrc b/system/vim/vimrc new file mode 100644 index 000000000..4849a16d1 --- /dev/null +++ b/system/vim/vimrc @@ -0,0 +1,18 @@ +set nocompatible " Use Vim defaults (much better!) +set bs=2 " Allow backspacing over everything in insert mode +set ai " Always set auto-indenting on +set history=50 " keep 50 lines of command history +set ruler " Show the cursor position all the time + +set mouse= " Use Vim 7 default of no mouse movements by default + +" Don't use Ex mode, use Q for formatting +map Q gq + +" When doing tab completion, give the following files lower priority. +set suffixes+=.info,.aux,.log,.dvi,.bbl,.out,.o,.lo + +set nomodeline +syntax on +color desert +autocmd BufRead APKBUILD set filetype=sh diff --git a/system/wine/APKBUILD b/system/wine/APKBUILD new file mode 100644 index 000000000..b1aaad45b --- /dev/null +++ b/system/wine/APKBUILD @@ -0,0 +1,139 @@ +# Contributor: Valery Kartel <valery.kartel@gmail.com> +# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net> +# Contributor: Łukasz Jendrysik <scadu@yandex.com> +# Contributor: Martell Malone <martell@marinelayer.io> +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=wine +pkgver=3.0 +_pkgver=${pkgver/_/-} +pkgrel=0 +pkgdesc="A compatibility layer for running Windows programs" +url="http://www.winehq.com" +arch="pmmx x86 x86_64" +license="LGPL-2.0-or-later" +# As of 2.0.3 most of the tests fails +options="!check" +subpackages="$pkgname-libs $pkgname-dev $pkgname-doc" +depends_dev="$pkgname perl" +makedepends="fontconfig-dev openldap-dev libxslt-dev libxxf86dga-dev + libxcursor-dev libxrandr-dev libxdamage-dev mesa-dev flex-dev bison + libpng-dev libjpeg-turbo-dev freetype-dev ncurses-dev libressl-dev + libxcomposite-dev libxrender-dev libxinerama-dev zlib-dev + cups-dev alsa-lib-dev lcms-dev libxml2-dev paxmark dbus-dev libxi-dev + gnutls-dev tiff-dev v4l-utils-dev udisks2-dev autoconf automake + openal-soft-dev pulseaudio-dev sane-dev eudev-dev + " +source="http://dl.winehq.org/$pkgname/source/${pkgver%.[1-9]}/$pkgname-$_pkgver.tar.xz + no-pie.patch + winhlp32-flex.patch + " +builddir="$srcdir/$pkgname-$_pkgver" + +prepare() { + cd "$builddir" + + default_prepare + aclocal && autoheader && autoreconf +} + +build() { + cd "$builddir" + + case "$CARCH" in + x86_64) _win64=--enable-win64;; + esac + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --libdir=/usr/lib \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --with-cups \ + --with-curses \ + --with-dbus \ + --with-fontconfig \ + --with-freetype \ + --with-jpeg \ + --with-openal \ + --with-opengl \ + --with-png \ + --with-pulse \ + --with-sane \ + --with-udev \ + --with-va \ + --with-x \ + --with-xcomposite \ + --with-xinerama \ + --with-xslt \ + $_win64 + make +} + +check() { + cd "$builddir" + make test +} + +package() { + local file + cd "$builddir" + make -j1 DESTDIR="$pkgdir" install + + case "$CARCH" in + x86_64) _wine="wine64";; + *) _wine="wine";; + esac + + paxmark -psmre "$pkgdir"/usr/bin/$_wine-preloader \ + "$pkgdir"/usr/bin/$_wine + + install -Dm755 tools/wineapploader \ + "$pkgdir"/usr/bin/wineapploader + + for file in msiexec notepad regedit regsvr32 wineboot \ + winecfg wineconsole winefile winemine winepath + do + rm "$pkgdir"/usr/bin/$file + ln -sf /usr/bin/wineapploader "$pkgdir"/usr/bin/$file + done +} + +dev() { + local file + default_dev + + install -d "$subpkgdir"/usr/bin + for file in widl wmc wrc winebuild winedump function_grep.pl \ + winedbg winemaker winegcc winecpp wineg++ + do + mv "$pkgdir"/usr/bin/$file "$subpkgdir"/usr/bin/ + done + + install -d "$subpkgdir"/usr/lib/wine + mv "$pkgdir"/usr/lib/wine/*.def "$subpkgdir"/usr/lib/wine/ +} + +doc() { + default_doc + rm -fr "$subpkgdir"/usr/share/man/*.UTF-8 +} + +libs() { + local file ext + default_libs + + install -d "$subpkgdir"/usr/lib/wine/fakedlls + for ext in dll16 drv16 exe16 acm dll drv ds ocx sys tlb vxd; do + for file in $(find "$pkgdir/usr/lib/wine/fakedlls" -name "*.$ext"); do + mv "$pkgdir"/usr/lib/wine/fakedlls/${file##*/} \ + "$subpkgdir"/usr/lib/wine/fakedlls/ + mv "$pkgdir"/usr/lib/wine/${file##*/}.so \ + "$subpkgdir"/usr/lib/wine/ + done + done +} + +sha512sums="a51f41b66f4805e09b223528eff6670e94b9c0c0c947be647507baf9d8d9afe7c3fdc88684c2c8d3573b4739d9a086ab929a744a8594d3c8f6ceb52070f43f0a wine-3.0.tar.xz +d853875f7d659617bdfba364704abd75b760d12977f1f13acc73acb3c8fefec0549677fb79a4f8955e073d64078b3071d63d97262522e22b7832a66d3d820a9c no-pie.patch +522a94a31fc459e80ea7dd05f7aee64f6ae666ec05236d06614acde118d5c60002e0f253ae75edb5f02164f22937ca89578504b690d1a5611bd60f703c8f0c00 winhlp32-flex.patch" diff --git a/system/wine/no-pie.patch b/system/wine/no-pie.patch new file mode 100644 index 000000000..5fb5d87b6 --- /dev/null +++ b/system/wine/no-pie.patch @@ -0,0 +1,14 @@ +diff --git a/loader/Makefile.in b/loader/Makefile.in +index 8190037..437d4d9 100644 +--- a/loader/Makefile.in ++++ b/loader/Makefile.in +@@ -26,7 +26,7 @@ wine64_DEPS = $(WINELOADER_DEPENDS) + wine64_LDFLAGS = $(LDEXECFLAGS) -lwine $(PTHREAD_LIBS) + + wine_preloader_OBJS = preloader.o +-wine_preloader_LDFLAGS = -static -nostartfiles -nodefaultlibs -Wl,-Ttext=0x7c400000 ++wine_preloader_LDFLAGS = -static -nostartfiles -nodefaultlibs -Wl,-Ttext=0x7c400000 -no-pie + + wine64_preloader_OBJS = preloader.o +-wine64_preloader_LDFLAGS = -static -nostartfiles -nodefaultlibs -Wl,-Ttext=0x7c400000 ++wine64_preloader_LDFLAGS = -static -nostartfiles -nodefaultlibs -Wl,-Ttext=0x7c400000 -no-pie diff --git a/system/wine/nopie.patch b/system/wine/nopie.patch new file mode 100644 index 000000000..54eb141be --- /dev/null +++ b/system/wine/nopie.patch @@ -0,0 +1,10 @@ +diff --git a/loader/Makefile.in b/loader/Makefile.in +index 8190037..b4f2902 100644 +--- a/loader/Makefile.in ++++ b/loader/Makefile.in +@@ -29,4 +29,4 @@ wine_preloader_OBJS = preloader.o + wine_preloader_LDFLAGS = -static -nostartfiles -nodefaultlibs -Wl,-Ttext=0x7c400000 + + wine64_preloader_OBJS = preloader.o +-wine64_preloader_LDFLAGS = -static -nostartfiles -nodefaultlibs -Wl,-Ttext=0x7c400000 ++wine64_preloader_LDFLAGS = -static -nostartfiles -nodefaultlibs -Wl,-Ttext=0x7c400000 -no-pie diff --git a/system/wine/winhlp32-flex.patch b/system/wine/winhlp32-flex.patch new file mode 100644 index 000000000..daeb790c2 --- /dev/null +++ b/system/wine/winhlp32-flex.patch @@ -0,0 +1,9 @@ +--- a/programs/winhlp32/Makefile.in ++++ b/programs/winhlp32/Makefile.in +@@ -1,5 +1,5 @@ + MODULE = winhlp32.exe +-APPMODE = -mwindows ++APPMODE = -mwindows -lfl + IMPORTS = user32 gdi32 + DELAYIMPORTS = shell32 comctl32 comdlg32 + |