During linking one OpenSSL dependecy is missing(-latomic) on linking
library list.
- Substitute explicit library list with `pkg-config libssl` when
BR2_PACKAGE_OPENSSL is enabled. In such way all needed libraries
will be included in linking list.
- Add also `host-pkgconf` to CIVETWEB_DEPENDENCIES if
BR2_PACKAGE_OPENSSL is enabled to make it available for previous
point.
Fixes:
http://autobuild.buildroot.net/results/b2e210bdefe84f4ec9cfda79a33d81788fb7e66c/
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Library and utility for TOTP based attestation using the tpm2-tss software
stack.
Add an upstream patch to fix format string mismatch errors when building for
32bit architectures.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
tss2-esys.pc contains a hardcoded -lgcrypt even though the openssl crypto
backend (as in Buildroot) may be used, leading to linker errors when using
esys.
Given that tpm2-tss doesn't allow static linking, there is no need to
explicitly list the crypto library dependency.
Cherry pick an upstream patch to fix this. Notice that the upstream patch
also changes the default crypto backend to openssl. As this isn't stricly
needed (we explicitly configure for openssl) and requires autoreconv, drop
the configure.ac hunk from the patch.
https://github.com/tpm2-software/tpm2-tss/pull/1173
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The license contains the "no endorsement" clause, so it should be listed as
BSD-3-Clause:
* Neither the name of Intel Corporation nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When static linking some dependency library can be missing
(i.e. -latomic for -lcrypto) on linking libraries list. This is
because when static linking libraries dependencies are not
transparently linked into binary.
To avoid moving libraries before/after one another or add new ones
that are not needed at all in the dynamic linking case, we use `pkg-config --libs
LIBRARY` where LIBRARY is the library we "probe" for its existence and
dependency.
In this commit, we:
- Remove 0005-fix-static-link-zlib.patch where -lcrypto and -lz were
swapped, as it is no longer needed thanks to the following point.
- Replace it with 0005-Use-pkgconf-to-get-libs-deps.patch where
-lcrypto has been substituted with `pkg-config --libs libcrypto`
- Add host-pkgconf to ANDROID_TOOLS_DEPENDENCIES
Fixes:
http://autobuild.buildroot.net/results/d3d6679cfc8afe4467368bd3d31483172c1032de/
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
* CVE-2019-3836: It was discovered in gnutls before version 3.6.7 upstream
that there is an uninitialized pointer access in gnutls versions 3.6.3 or
later which can be triggered by certain post-handshake messages
* CVE-2019-3829: A vulnerability was found in gnutls versions from 3.5.8
before 3.6.7. A memory corruption (double free) vulnerability in the
certificate verification API. Any client or server application that
verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.
3.6.7.1 is identical to 3.6.7, but fixes a packaging issue in the release
tarball:
https://lists.gnutls.org/pipermail/gnutls-devel/2019-April/013086.html
HTTP URLs changed to HTTPS in COPYING, so update license hash.
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
gst1-plugins-good is built with --disable-qt option, so qmlgl plugin
is disabled. Add an option to enable it, allowing to use the qmlglsrc
and qmlglsink GStreamer elements.
Signed-off-by: Iñigo Huguet <inigohuguet@fanamoel.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Containerd is no longer maintained under the docker github project and now
has an official website, so refer to that in the help text.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Contains a number of bugfixes. For more details, see the announcement:
https://github.com/containerd/containerd/releases/tag/v1.2.5
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This reverts commit 905e976a6a.
With the bump to 1.0.0-rc7, runc no longer needs O_TMPFILE.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This reverts commit ce76a98902.
With the bump to 1.0.0-rc7, runc no longer needs O_TMPFILE.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This includes an improved fix for CVE-2019-5736 without the ~10MB memory
overhead per container and with fallback code using mkostemp(3) when
O_TMPFILE isn't available.
For more details, see the announcement:
https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc7
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changelog: https://www.php.net/ChangeLog-7.php#7.3.4
Fixes these bugs, CVE-ID were not assigned yet:
Fixed bug #77753 (Heap-buffer-overflow in php_ifd_get32s).
Fixed bug #77831 (Heap-buffer-overflow in exif_iif_add_value).
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Both patches are already included (a bit earlier in the file) in version
2.0.12, so drop the patches.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This should fix a kernel 5.x.x compatibility issue.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since:
58187329ad
gettext macrosesss are used by default (if no LIBINTL_NO_MACROS is
included in CPPFLAGS). It causes packages such as libglib2 to fail
building with argument format errors because in case of error the
formatted string is passed as argument.
Fix it by prevent the installation of libintl.h header from
gettext-tiny by passing LIBINTL=NONE, because each kind of toolchain
already provides gettext stubs. Also with this change the following
patch is not needed:
0001-libintl-Fix-format-not-a-string-literal-error-for-gc.patch
Fixes:
http://autobuild.buildroot.net/results/89fcc4e80ea8c031c1abb350362c19c57eb80e7c/http://autobuild.buildroot.net/results/84f3eb70fc1c58986dfa7c79d45aaabdf4c011cf/
and a lot other autobuild reports.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
since version 1.7, coxpcall is only required with Lua 5.1
see, https://github.com/keplerproject/wsapi/pull/41
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Actually build fails with musl libc due to missing header inclusion
<unistd.h> (usually included by stdlib.h) in package code which in order
contains type definition of ssize_t.
A Git repository has been setted up for this project as upstream, and
contains a commit which solves build failure removing the use of ssize_t
at all.
No other http tarballs have been released on current site, so
development seems to continue on Git repository.
- Set SITE_METHOD = git
- Switch site to: https://gitlab-ext.sigma-chemnitz.de/ensc/bayer2rgb
- Bump version to latest commit to include commit which fixes build
failure.
Fixes:
http://autobuild.buildroot.net/results/c84/c84b65642cb1b2d246f3a92ac957af5c5fcb86e8/
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Switch site to gitlab
- Remove second patch (already in version)
- Use new --{with,without}-usb option
- Add hash for license file
- Fix CVE-2017-6318
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Switch site to github
- Drop all patches (already in version or not needed anymore)
- Switch to autotools infrastructure
- Add hash for license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Include upstream commit 193f1e8 "glob: Do not assume glibc glob
internals". Without this if building glibc with host-make it will fail
with a segfault in make:
>>> glibc glibc-2.28-69-g1e5c5303a522764d7e9d2302a60e4a32cdb902f1 Building
PATH="/scratch/builds/host-make/host/bin:/scratch/builds/host-make/host/sbin:/home/sam/bin:/home/sam/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games" /scratch/builds/host-make/host/bin/host-make -j25 -C /scratch/builds/host-make/build/glibc-glibc-2.28-69-g1e5c5303a522764d7e9d2302a60e4a32cdb902f1/build
/scratch/builds/host-make/host/bin/host-make -r PARALLELMFLAGS="" -C /scratch/builds/host-make/build/glibc-glibc-2.28-69-g1e5c5303a522764d7e9d2302a60e4a32cdb902f1 objdir=`pwd` all
Segmentation fault (core dumped)
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Remove all patches (already in version)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Remove all patches (already in version)
- Drop AUTORECONF as configure.ac is not patched anymore
- Add hash for license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Remove all patches (already in version)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Oniguruma is a modern and flexible regular expressions
library. It encompasses features from different regular
expression implementations that traditionally exist in
different languages.
https://github.com/kkos/oniguruma
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
tpm2-tools does not need dbus or libglib2, so remove them and the
corresponding toolchain dependencies.
The confusion may have come from the upstream travis configuration, which
also builds tpm2-abrmd (which uses dbus+libglib2).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
There is no need for language translaion feature for the host
packages, anyway some of them disable it explicitly, so lets do it
automatically at least for the host-autotools- kind of packages.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some packages (i.e. rygel) uses the msgfmt tool with its --template
option. However, the current version of gettext-tiny (0.3.1) doesn't
support --template flag and exits giving: "fopen: No such file or
directory".
In upstream gettext-tiny they have added support for --template after
lots of modifications, so it's hard to produce a patch to be applied
against 0.3.1. Therefore, we bump the version to the latest master
branch commit.
Fixes:
http://autobuild.buildroot.net/results/77b1854c914915d3205d915a0f01001f6f3555df/
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Library for using PKCS#11, which includes an engine for OpenSSL that
lets it use PKCS#11 modules. Which is really what this package is
about, not that libp11 library itself, which has no users outside the
of OpenSSL engine.
If p11-kit is enabled, configure the engine to use that as the default
PKCS#11 module. That module is a sort of multiplexer that allows
multiple modules to be used at once, so it makes sense to use it even
if there are other modules present, e.g. softhsm2, nssckbi,
pkcs11-proxy, ykcs11, etc.
A host package is created too, with a host configuration option.
Since this a dynamically loaded module, there is no build time reason
to select it from a host package. It could be used by host openssl,
to allow host rauc to sign a software update bundle using a key from a
HSM with a PKCS#11 interface.
Signed-off-by: Trent Piepho <tpiepho@impinj.com>
Tested-by: Frank Hunleth <fhunleth@troodon-software.com>
[Thomas:
- add entry in DEVELOPERS file
- add missing !BR2_STATIC_LIBS dependency
- fix license information, as noticed by Frank Hunleth
- add missing dependency on host-pkgconf, needed by the configure
script to detect openssl
- explicitly pass --with-enginesdir as the value returned by
pkg-config is incorrectly prefixed by the sysroot]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Why do things simply, when we can do it complicated?
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
http://libcamera.org/
Cameras are complex devices that need heavy hardware image processing
operations. Control of the processing is based on advanced algorithms
that must run on a programmable processor. This has traditionally been
implemented in a dedicated MCU in the camera, but in embedded devices
algorithms have been moved to the main CPU to save cost. Blurring the
boundary between camera devices and Linux often left the user with no
other option than a vendor-specific closed-source solution.
To address this problem the Linux media community has very recently
started collaboration with the industry to develop a camera stack that
will be open-source-friendly while still protecting vendor core IP.
libcamera was born out of that collaboration and will offer modern
camera support to Linux-based systems, including traditional Linux
distributions, ChromeOS and Android.
The project has not made an official release as of yet, so we're
using the latest sha1 from master
We utilise C++ 11 but we mandate GCC5+ due to a bug [0] in earlier
versions which result in compile failures on our code base.
[0] Bug 54316 - [C++11] move constructor for stringstream
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=54316
Documentation and Tests are disabled from the build.
With the following added to libcamera.config:
BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_EUDEV=y
BR2_PACKAGE_LIBCAMERA=y
./utils/test-pkg -c libcamera.config -p libcamera
br-arm-full [1/6]: SKIPPED
br-arm-cortex-a9-glibc [2/6]: OK
br-arm-cortex-m4-full [3/6]: SKIPPED
br-x86-64-musl [4/6]: OK
br-arm-full-static [5/6]: SKIPPED
sourcery-arm [6/6]: SKIPPED
Signed-off-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Thomas:
- add missing Config.in comment
- remove empty newline at end of hash file
- adjust indentation of upstream URL in Config.in help text]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
