Hello!
Attached find a massive patch to prepare hardening of T2 binaries
against buffer overflows and stack-smashing, as well as some tiny fixes
and a new required package.
I've built a working minimal-desktop ISO with --enable-default-pie and
--enable-default-ssp. For now, only VIM from packages seems to have an
issue somewhere. VIM from source works.
For hardening, apply the relevant patches and recompile GCC with
additional configure options '--enable-default-pie --enable-default-ssp'
OR
Add to CFLAGS/CXXFLAGS: "-fstack-protector -pie -fpie"
Enjoy!
Overview of updates in the patch file:
Index: misc/luabash/Makefile -- This fixes the insecure warning about
insecure tmpnam
Index: package/database/bdb/atomic.patch -- This fixes a clash in
certain cases while compiling
Index: package/database/gdbm/gdbm.desc -- Needed in stage 1 for 'man',
instead of bdb, fixes compilation error in stage 1
Index: package/develop/doxygen/doxygen.desc -- Update doxygen to 1.9.1
Index:
package/develop/gcc/0001-Always-use-z-now-when-linking-with-pie.patch --
Taken from ClearLinux, adds additional hardening when using pie
Index: package/develop/gcc/01_all_default-fortify-source.patch -- Taken
from Gentoo, enables checks for buffer overflows by default
Index: package/develop/gcc/04_all_nossp-on-nostdlib.patch -- Taken from
Gentoo, disable SSP for baremetal code
Index: package/develop/gcc/10_all_nopie-all-flags.patch -- Taken from
Gentoo, no need for pie on gcc itself
Index: package/develop/gcc/24_all_default_ssp-buffer-size.patch -- Taken
from Gentoo, modified to match ClearLinux. Increases buffer size to
mitigate potential performance hits
Index: package/develop/gcc/gcc.conf -- Disable the obsolete SSP script
Index: package/develop/gcc/optimize-at-least-some.patch -- Taken from
ClearLinux, "Without at least -O1 optimizations, many security checks
just do not work"
Index: package/develop/gcc/tune-inline.patch -- Taken from ClearLinux
Index: package/develop/libpipeline/libpipeline.desc -- Needed in stage 1
Index: package/develop/meson/meson.desc -- Update meson to 0.56.2 -- It
was required for some package
Index: package/develop/qjson/qjson.desc -- Update to 0.9.0 -- Seems
obsolete
Index: package/develop/rpcsvc-proto/rpcsvc-proto.desc -- New package,
required for nfs-utils, since glibc doesn't have those anymore
Index: package/fonts/fontforge/fontforge.desc -- Fixes compilation issue
for libspiro, which is not in T2
Index: package/network/libnet/libnet.desc -- Update and relocated to
github
Index: package/python/python/python.conf -- Force 'ln', same as others
in the script, fixes error during installation in stage 3 or 5
Index: package/python/python2/python2.desc -- Update to the final
release, 2.7.18
Index: package/qt/qt/qt.desc -- Update to 3.3.8b, obsolete
Index: package/security/cyrus-sasl2/cyrus-sasl2.desc -- Update to 2.1.27
Index: package/x86/efivar/efivar.desc -- Fixes compilation issue with
GCC 10
Index: package/x86/grub2/grub2.conf -- Remove kludge, works fine with
Python3
Index: target/generic/pkgsel/20-minimal.in -- Make sure rpcsvc-proto is
installed along nfs-utilsIndex: misc/luabash/Makefile
===================================================================
--- misc/luabash/Makefile (revision 51065)
+++ misc/luabash/Makefile (working copy)
@@ -3,7 +3,7 @@
X_OUTTOP=../../src
libdir=$(X_OUTTOP)
-CFLAGS = -Wall -O2 -s -fPIC
+CFLAGS = -Wall -O2 -s -fPIC -DLUA_USE_POSIX=1
#CFLAGS = -Wall -O0 -ggdb -fPIC
# ExactBuild does use CXX to link a .so right now
Index: package/database/bdb/atomic.patch
===================================================================
--- package/database/bdb/atomic.patch (nonexistent)
+++ package/database/bdb/atomic.patch (working copy)
@@ -0,0 +1,45 @@
+From 29621d637e30982489693f2e207ce6a1790e3337 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.k...@gmail.com>
+Date: Wed, 22 Mar 2017 15:32:26 +0000
+Subject: [PATCH] atomic: Rename local __atomic_compare_exchange to avoid clash
+ with builtins
+
+Helps building with clang
+
+Fixes
+
+../db-5.3.28/src/dbinc/atomic.h:179:19: error: definition of builtin function '__atomic_compare_exchange'
+static inline int __atomic_compare_exchange(
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.k...@gmail.com>
+---
+ src/dbinc/atomic.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/dbinc/atomic.h b/src/dbinc/atomic.h
+index 6a858f7..1b49de5 100644
+--- a/src/dbinc/atomic.h
++++ b/src/dbinc/atomic.h
+@@ -144,7 +144,7 @@ typedef LONG volatile *interlocked_val;
+ #define atomic_inc(env, p) __atomic_inc(p)
+ #define atomic_dec(env, p) __atomic_dec(p)
+ #define atomic_compare_exchange(env, p, o, n) \
+- __atomic_compare_exchange((p), (o), (n))
++ __db_atomic_compare_exchange((p), (o), (n))
+ static inline int __atomic_inc(db_atomic_t *p)
+ {
+ int temp;
+@@ -176,7 +176,7 @@ static inline int __atomic_dec(db_atomic_t *p)
+ * http://gcc.gnu.org/onlinedocs/gcc-4.1.0/gcc/Atomic-Builtins.html
+ * which configure could be changed to use.
+ */
+-static inline int __atomic_compare_exchange(
++static inline int __db_atomic_compare_exchange(
+ db_atomic_t *p, atomic_value_t oldval, atomic_value_t newval)
+ {
+ atomic_value_t was;
+--
+1.8.3.1
+
Index: package/database/gdbm/gdbm.desc
===================================================================
--- package/database/gdbm/gdbm.desc (revision 51065)
+++ package/database/gdbm/gdbm.desc (working copy)
@@ -29,7 +29,7 @@
[L] GPL
[S] Stable
[V] 1.19
-[P] X --2--5---9 104.800
+[P] X -12--5---9 104.800
[O] atstage cross && var_append makeinstopt ' ' 'INSTALL_ROOT=$root'
Index: package/develop/doxygen/doxygen.desc
===================================================================
--- package/develop/doxygen/doxygen.desc (revision 51065)
+++ package/develop/doxygen/doxygen.desc (working copy)
@@ -44,8 +44,8 @@
[L] GPL
[S] Stable
-[V] 1.8.20
+[V] 1.9.1
[P] X -----5---9 127.100
[CV-URL] http://www.doxygen.nl/download.html
-[D] bfa4e80f9847f78a622d4097b5d79a813304df8e0bfc8424d90bacc1 doxygen-1.8.20.src.tar.gz http://doxygen.nl/files/
+[D] bd6cf8a798a32deb7be4feefb069236d9c69740e1a1f8acc53216627 doxygen-1.9.1.src.tar.gz http://doxygen.nl/files/
Index: package/develop/gcc/0001-Always-use-z-now-when-linking-with-pie.patch
===================================================================
--- package/develop/gcc/0001-Always-use-z-now-when-linking-with-pie.patch (nonexistent)
+++ package/develop/gcc/0001-Always-use-z-now-when-linking-with-pie.patch (working copy)
@@ -0,0 +1,28 @@
+From e1177f2db7fe3c4533e2968f8240b93df5333a85 Mon Sep 17 00:00:00 2001
+From: Thiago Macieira <thiago.macie...@intel.com>
+Date: Wed, 8 May 2019 18:01:01 -0700
+Subject: [PATCH] Always use -z now when linking with -pie
+
+Patch inspired by Ubuntu.
+
+Signed-off-by: Thiago Macieira <thiago.macie...@intel.com>
+---
+ gcc/gcc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gcc/gcc.c b/gcc/gcc.c
+index 4f57765b012..8c4a8818a02 100644
+--- a/gcc/gcc.c
++++ b/gcc/gcc.c
+@@ -931,7 +931,7 @@ proper position among the other output files. */
+ #ifndef LINK_PIE_SPEC
+ #ifdef HAVE_LD_PIE
+ #ifndef LD_PIE_SPEC
+-#define LD_PIE_SPEC "-pie"
++#define LD_PIE_SPEC "-pie -z now"
+ #endif
+ #else
+ #define LD_PIE_SPEC ""
+--
+2.21.0
+
Index: package/develop/gcc/01_all_default-fortify-source.patch
===================================================================
--- package/develop/gcc/01_all_default-fortify-source.patch (nonexistent)
+++ package/develop/gcc/01_all_default-fortify-source.patch (working copy)
@@ -0,0 +1,22 @@
+Taken Debian's patch and removed docs matches:
+ https://salsa.debian.org/toolchain-team/gcc.git
+Also see https://bugs.gentoo.org/621036 where
+initially Gentoo used too complicated macro.
+
+# DP: Turn on -D_FORTIFY_SOURCE=2 by default for C, C++, ObjC, ObjC++,
+# DP: if the optimization level is > 0
+--- a/gcc/c-family/c-cppbuiltin.c
++++ b/gcc/c-family/c-cppbuiltin.c
+@@ -951,6 +951,12 @@ c_cpp_builtins (cpp_reader *pfile)
+ builtin_define_with_value ("__REGISTER_PREFIX__", REGISTER_PREFIX, 0);
+ builtin_define_with_value ("__USER_LABEL_PREFIX__", user_label_prefix, 0);
+
++#if !defined(ACCEL_COMPILER)
++ /* Fortify Source enabled by default for optimization levels > 0 */
++ if (optimize)
++ builtin_define_with_int_value ("_FORTIFY_SOURCE", 2);
++#endif
++
+ /* Misc. */
+ if (flag_gnu89_inline)
+ cpp_define (pfile, "__GNUC_GNU_INLINE__");
Index: package/develop/gcc/04_all_nossp-on-nostdlib.patch
===================================================================
--- package/develop/gcc/04_all_nossp-on-nostdlib.patch (nonexistent)
+++ package/develop/gcc/04_all_nossp-on-nostdlib.patch (working copy)
@@ -0,0 +1,27 @@
+Disable ssp on -nostdlib, -nodefaultlibs and -ffreestanding
+
+https://bugs.gentoo.org/484714
+--- a/gcc/gcc.c 2017-07-04 09:15:57.740793000 +0200
++++ b/gcc/gcc.c 2018-03-02 13:58:44.387741114 +0100
+@@ -857,6 +857,12 @@ proper position among the other output f
+ #define LINK_GCC_C_SEQUENCE_SPEC "%G %L %G"
+ #endif
+
++#ifdef ENABLE_DEFAULT_SSP
++#define NO_SSP_SPEC "%{nostdlib|nodefaultlibs|ffreestanding:-fno-stack-protector} "
++#else
++#define NO_SSP_SPEC ""
++#endif
++
+ #ifndef LINK_SSP_SPEC
+ #ifdef TARGET_LIBC_PROVIDES_SSP
+ #define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \
+@@ -1131,7 +1148,7 @@ static const char *cc1_options =
+ %{-version:--version}\
+ %{-help=*:--help=%*}\
+ %{!fsyntax-only:%{S:%W{o*}%{!o*:-o %b.s}}}\
+- %{fsyntax-only:-o %j} %{-param*}\
++ %{fsyntax-only:-o %j} %{-param*} " NO_SSP_SPEC "\
+ %{coverage:-fprofile-arcs -ftest-coverage}\
+ %{fprofile-arcs|fprofile-generate*|coverage:\
+ %{!fprofile-update=singel:\
Index: package/develop/gcc/10_all_nopie-all-flags.patch
===================================================================
--- package/develop/gcc/10_all_nopie-all-flags.patch (nonexistent)
+++ package/develop/gcc/10_all_nopie-all-flags.patch (working copy)
@@ -0,0 +1,18 @@
+We need to pass NO_PIE_CFLAGS to ALL_* so gcc don't fail when
+we compile it with older gcc and pie.
+
+--- a/gcc/Makefile.in 2015-06-25 19:18:12.000000000 +0200
++++ b/gcc/Makefile.in 2016-04-22 00:12:54.029178860 +0200
+@@ -991,10 +991,10 @@ ALL_CXXFLAGS = $(T_CFLAGS) $(CFLAGS-$@)
+ ALL_CPPFLAGS = $(INCLUDES) $(CPPFLAGS)
+
+ # This is the variable to use when using $(COMPILER).
+-ALL_COMPILERFLAGS = $(ALL_CXXFLAGS)
++ALL_COMPILERFLAGS = $(NO_PIE_CFLAGS) $(ALL_CXXFLAGS)
+
+ # This is the variable to use when using $(LINKER).
+-ALL_LINKERFLAGS = $(ALL_CXXFLAGS)
++ALL_LINKERFLAGS = $(NO_PIE_CFLAGS) $(ALL_CXXFLAGS)
+
+ # Build and host support libraries.
+
Index: package/develop/gcc/24_all_default_ssp-buffer-size.patch
===================================================================
--- package/develop/gcc/24_all_default_ssp-buffer-size.patch (nonexistent)
+++ package/develop/gcc/24_all_default_ssp-buffer-size.patch (working copy)
@@ -0,0 +1,14 @@
+Change the minimal SSP buffer size.
+
+https://bugs.gentoo.org/484714
+--- a/gcc/params.opt
++++ b/gcc/params.opt
+@@ -849,7 +849,7 @@ Common Joined UInteger Var(param_ssa_name_def_chain_limit) Init(512) Param Optim
+ The maximum number of SSA_NAME assignments to follow in determining a value.
+
+ -param=ssp-buffer-size=
+-Common Joined UInteger Var(param_ssp_buffer_size) Init(8) IntegerRange(1, 65536) Param Optimization
++Common Joined UInteger Var(param_ssp_buffer_size) Init(32) IntegerRange(1, 65536) Param Optimization
+ The lower bound for a buffer to be considered for stack smashing protection.
+
+ -param=stack-clash-protection-guard-size=
Index: package/develop/gcc/gcc.conf
===================================================================
--- package/develop/gcc/gcc.conf (revision 51065)
+++ package/develop/gcc/gcc.conf (working copy)
@@ -229,6 +229,6 @@
[[ "$languages" = *go* ]] && var_append GCC_WRAPPER_APPEND " " "-Wno-maybe-uninitialized"
# Apply the respective Stack Smashing Protector patch.
-hook_add prepatch 3 ". $base/package/*/gcc/apply-protector.sh"
+#hook_add prepatch 3 ". $base/package/*/gcc/apply-protector.sh"
hook_add premake 5 "gcc_premake"
hook_add postmake 5 "gcc_postmake"
Index: package/develop/gcc/optimize-at-least-some.patch
===================================================================
--- package/develop/gcc/optimize-at-least-some.patch (nonexistent)
+++ package/develop/gcc/optimize-at-least-some.patch (working copy)
@@ -0,0 +1,15 @@
+Without at least -O1 optimizations, many security checks just do not work
+
+so default to at least O1
+
+--- gcc-6.2.0/gcc/opts.c~ 2016-03-17 15:11:35.000000000 +0000
++++ gcc-6.2.0/gcc/opts.c 2016-11-19 19:01:38.701907744 +0000
+@@ -558,6 +558,8 @@
+ int opt2;
+ bool openacc_mode = false;
+
++ opts->x_optimize = 1;
++
+ /* Scan to see what optimization level has been specified. That will
+ determine the default value of many flags. */
+ for (i = 1; i < decoded_options_count; i++)
Index: package/develop/gcc/tune-inline.patch
===================================================================
--- package/develop/gcc/tune-inline.patch (nonexistent)
+++ package/develop/gcc/tune-inline.patch (working copy)
@@ -0,0 +1,11 @@
+--- gcc-10.2.0/gcc/params.opt~ 2020-07-23 06:35:17.000000000 +0000
++++ gcc-10.2.0/gcc/params.opt 2020-09-10 20:54:20.249498992 +0000
+@@ -183,7 +183,7 @@
+ The minimal estimated speedup allowing inliner to ignore inline-insns-single and inline-insns-auto.
+
+ -param=inline-unit-growth=
+-Common Joined UInteger Var(param_inline_unit_growth) Init(40) Optimization Param
++Common Joined UInteger Var(param_inline_unit_growth) Init(80) Optimization Param
+ How much can given compilation unit grow because of the inlining (in percent).
+
+ -param=integer-share-limit=
Index: package/develop/libpipeline/libpipeline.desc
===================================================================
--- package/develop/libpipeline/libpipeline.desc (revision 51065)
+++ package/develop/libpipeline/libpipeline.desc (working copy)
@@ -28,6 +28,6 @@
[L] GPL
[S] Stable
[V] 1.5.3
-[P] X -----5---9 108.000
+[P] X -1---5---9 108.000
[D] 65bacb5cc3dec2eebca50f9bf3bc833a61d5a1815bab2dd9bab61ea0 libpipeline-1.5.3.tar.gz http://download.savannah.nongnu.org/releases/libpipeline/
Index: package/develop/meson/meson.desc
===================================================================
--- package/develop/meson/meson.desc (revision 51065)
+++ package/develop/meson/meson.desc (working copy)
@@ -25,7 +25,7 @@
[L] APL
[S] Beta
-[V] 0.54.3
+[V] 0.56.2
[P] X 01---5---9 109.500
[O] pyscript=python3
@@ -32,4 +32,4 @@
[O] runpysetup=1
[CV-FLAGS] OOD-STABLE NO-PREFIX
-[D] 7af5c031fefec237b1993ad45b0de72ef2a73d1f9daec7b052d854cd meson-0.54.3.tar.gz https://github.com/mesonbuild/meson/archive/0.54.3/
+[D] 62796ce4abec722ff15b1e731ee904245b9f3948e8baa319ca244cbd meson-0.56.2.tar.gz https://github.com/mesonbuild/meson/archive/0.56.2/
Index: package/develop/qjson/qjson.desc
===================================================================
--- package/develop/qjson/qjson.desc (revision 51065)
+++ package/develop/qjson/qjson.desc (working copy)
@@ -25,8 +25,8 @@
[L] LGPL
[S] Stable
-[V] 0.7.1
+[V] 0.9.0
[P] X -----5---9 128.840
[CV-FLAGS] ODD-STABLE
-[D] 487113705 qjson-0.7.1.tar.bz2 http://dl.sourceforge.net/qjson/
+[D] 487bc899d3d296dca380b1ab090ccb95712edb75f342a4211a8781a7 qjson-0.9.0.tar.gz https://github.com/flavio/qjson/archive/0.9.0/
Index: package/develop/rpcsvc-proto/rpcsvc-proto.desc
===================================================================
--- package/develop/rpcsvc-proto/rpcsvc-proto.desc (nonexistent)
+++ package/develop/rpcsvc-proto/rpcsvc-proto.desc (working copy)
@@ -0,0 +1,35 @@
+[COPY] --- T2-COPYRIGHT-NOTE-BEGIN ---
+[COPY] This copyright note is auto-generated by scripts/Create-CopyPatch.
+[COPY]
+[COPY] T2 SDE: package/.../meson/meson.desc
+[COPY] Copyright (C) 2017 - 2020 The T2 SDE Project
+[COPY]
+[COPY] More information can be found in the files COPYING and README.
+[COPY]
+[COPY] This program is free software; you can redistribute it and/or modify
+[COPY] it under the terms of the GNU General Public License as published by
+[COPY] the Free Software Foundation; version 2 of the License. A copy of the
+[COPY] GNU General Public License can be found in the file COPYING.
+[COPY] --- T2-COPYRIGHT-NOTE-END ---
+
+[I] rpcsvc protocol definitions from glibc
+
+[T] This package contains rpcsvc proto.x files from glibc, which are
+[T] missing in libtirpc. Additional it contains rpcgen, which is needed
+[T] to create header files and sources from protocol files.
+
+[U] https://github.com/thkukuk/rpcsvc-proto
+
+[A] Thorsten Kukuk, et al
+[M] Frits Letteboer <gra...@freedom.nl>
+
+[C] base/development
+
+[L] BSD
+[S] Release
+[V] 1.4.2
+[P] X -----5---9 109.500
+
+[O] var_append confopt ' ' '--sysconfdir=/etc'
+
+[D] 3a618a5ef827108c097994e8edf3c85ee001315648b7e728c68a7393 rpcsvc-proto-1.4.2.tar.xz https://github.com/thkukuk/rpcsvc-proto/releases/download/v1.4.2/
Index: package/fonts/fontforge/fontforge.desc
===================================================================
--- package/fonts/fontforge/fontforge.desc (revision 51065)
+++ package/fonts/fontforge/fontforge.desc (working copy)
@@ -32,6 +32,6 @@
[P] X -----5---9 125.200
-[O] hook_add preconf 5 'mkdir objdir; cd objdir; cmake -DCMAKE_INSTALL_PREFIX=/$prefix -DCMAKE_BUILD_TYPE=Release ..'
+[O] hook_add preconf 5 'mkdir objdir; cd objdir; cmake -DCMAKE_INSTALL_PREFIX=/$prefix -DCMAKE_BUILD_TYPE=Release -DENABLE_GUI=off -DENABLE_LIBSPIRO=off ..'
[D] 2f045776a573a8fd561fbb956547c3194beb17bb463c3af254cab986 fontforge-20201107.tar.xz https://github.com/fontforge/fontforge/releases/download/20201107/
Index: package/network/libnet/libnet.desc
===================================================================
--- package/network/libnet/libnet.desc (revision 51065)
+++ package/network/libnet/libnet.desc (working copy)
@@ -31,8 +31,7 @@
[L] BSD
[S] Stable
-[V] 1.1.2.1
+[V] 1.2
[P] X -----5---9 115.500
-[CV-FLAGS] ODD-STABLE
-[D] 1190536047 libnet-1.1.2.1.tar.gz http://www.packetfactory.net/projects/libnet/dist/
+[D] b75ceeeff4a863e0f7d258c2fbd94f231dc872d2b7ed80a4c8d3f3b4 libnet-1.2.tar.gz https://github.com/libnet/libnet/releases/download/v1.2/
Index: package/python/python/python.conf
===================================================================
--- package/python/python/python.conf (revision 51065)
+++ package/python/python/python.conf (working copy)
@@ -67,8 +67,8 @@
fi
# default python symlinks
-hook_add postmake 5 'ln -s python3 $root$bindir/python'
-hook_add postmake 5 'ln -s python3-config $root$bindir/python-config'
+hook_add postmake 5 'ln -sf python3 $root$bindir/python'
+hook_add postmake 5 'ln -sf python3-config $root$bindir/python-config'
if atstage cross; then
# need a working getaddrinfo(), force enable or disable ipv6:
Index: package/python/python2/python2.desc
===================================================================
--- package/python/python2/python2.desc (revision 51065)
+++ package/python/python2/python2.desc (working copy)
@@ -28,9 +28,9 @@
[L] OpenSource
[S] Stable
-[V] 2.7.17
+[V] 2.7.18
[P] X 0-2--5---9 109.000
[CV-URL] http://www.python.org/download/
[CV-FLAGS] ODD-STABLE
-[D] ea71faaf1b8d048e84051346f251045b4bef4f8e9fe0cc04b4d5e830 Python-2.7.17.tar.xz http://www.python.org/ftp/python/2.7.17/
+[D] 7a3a94c0431a012919318b752eeba13caca56d3c7d2b143eb32f6970 Python-2.7.18.tar.xz http://www.python.org/ftp/python/2.7.18/
Index: package/qt/qt/qt.desc
===================================================================
--- package/qt/qt/qt.desc (revision 51065)
+++ package/qt/qt/qt.desc (working copy)
@@ -29,8 +29,8 @@
[L] GPL
[S] Stable
-[V] 3.3.8
+[V] 3.3.8b
[P] X -----5---9 127.000
[CV-FLAGS] ODD-STABLE
-[D] 2574457933 qt-x11-free-3.3.8.tar.bz2 ftp://ftp.trolltech.com/qt/source/
+[D] 09f7de9411257e4fb294ae35ff368407f779f9cb0309b463047e4813 qt-x11-free-3.3.8b.tar.gz https://download.qt.io/archive/qt/3/
Index: package/security/cyrus-sasl2/cyrus-sasl2.desc
===================================================================
--- package/security/cyrus-sasl2/cyrus-sasl2.desc (revision 51065)
+++ package/security/cyrus-sasl2/cyrus-sasl2.desc (working copy)
@@ -28,8 +28,8 @@
[L] OpenSource
[S] Stable
-[V] 2.1.25
+[V] 2.1.27
[P] X -----5---9 114.200
[CV-FLAGS] ODD-STABLE
-[D] 3285413591 cyrus-sasl-2.1.25.tar.gz ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/
+[D] fd219709f0d0cfa6beae30c7e9ef29f25a961132acb6d9feb594092e cyrus-sasl-2.1.27.tar.gz ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/
Index: package/x86/efivar/efivar.desc
===================================================================
--- package/x86/efivar/efivar.desc (revision 51065)
+++ package/x86/efivar/efivar.desc (working copy)
@@ -32,7 +32,7 @@
[O] var_append makeopt ' ' 'CC_FOR_BUILD=$CC CCLD_FOR_BUILD=cc'
[O] var_append makeinstopt ' ' 'LIBDIR=$libdir'
-[O] var_append GCC_WRAPPER_APPEND ' ' '-Wno-error=address-of-packed-member'
-[O] var_append SYSCC_WRAPPER_APPEND ' ' '-Wno-error=address-of-packed-member'
+[O] var_append GCC_WRAPPER_APPEND ' ' '-Wno-error=address-of-packed-member -flto-partition=none'
+[O] var_append SYSCC_WRAPPER_APPEND ' ' '-Wno-error=address-of-packed-member -flto-partition=none'
[D] df6ebd01f91cc18fbdb24865c64d2391e1b5a851143752e1c293e872 efivar-37.tar.bz2 https://github.com/rhboot/efivar/releases/download/37/
Index: package/x86/grub2/grub2.conf
===================================================================
--- package/x86/grub2/grub2.conf (revision 51065)
+++ package/x86/grub2/grub2.conf (working copy)
@@ -13,8 +13,6 @@
# GNU General Public License can be found in the file COPYING.
# --- T2-COPYRIGHT-NOTE-END ---
-export PYTHON=python2
-
grub_postmake() {
mkdir -p $root/boot/grub2
cp docs/grub.cfg $root/boot/grub2/grub.cfg.example
Index: target/generic/pkgsel/20-minimal.in
===================================================================
--- target/generic/pkgsel/20-minimal.in (revision 51065)
+++ target/generic/pkgsel/20-minimal.in (working copy)
@@ -69,6 +69,7 @@
X rpcbind
X libtirpc
X keyutils
+X rpcsvc-proto
X nfs-utils
X netkit-telnet
X vim
-----------------------------------------------------------
If you wish to unsubscribe from this mailing, send mail to
li...@t2-project.org with a subject of: unsubscribe t2
