nettle 3.4.1 is a requirement for gnutls 3.6.5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
From the release notes:
This release of wolfSSL includes a fix for 1 security vulnerability.
Medium level fix for potential cache attack with a variant of
Bleichenbacher’s attack. Earlier versions of wolfSSL leaked PKCS #1 v1.5
padding information during private key decryption that could lead to a
potential padding oracle attack. It is recommended that users update to the
latest version of wolfSSL if they have RSA cipher suites enabled and have
the potential for malicious software to be ran on the same system that is
performing RSA operations. Users that have only ECC cipher suites enabled
and are not performing RSA PKCS #1 v1.5 Decryption operations are not
vulnerable. Also users with TLS 1.3 only connections are not vulnerable to
this attack. Thanks to Eyal Ronen (Weizmann Institute), Robert Gillham
(University of Adelaide), Daniel Genkin (University of Michigan), Adi Shamir
(Weizmann Institute), David Wong (NCC Group), and Yuval Yarom (University of
Adelaide and Data61) for the report.
The paper for further reading on the attack details can be found at
http://cat.eyalro.net/cat.pdf
Drop now upstreamed patch.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- libbsd is now an optional dependency as HAVE_ARC4RANDOM_BUF is not
always defined since version 2.7.1 and:
c73ef6e69b
- openssl is an optional dependency since version 2.7.0 and:
e5a5617a7c
- libiconv is an optional dependency since version 2.7.1 and:
6209991d6b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
On certain architectures (namely Sparc), the maximum baud rate exposed
by the kernel headers is B2000000. Therefore, the current libserial
code doesn't build for the Sparc and Sparc64 architectures due to
this.
In order to address this problem, this patch tests the value of
__MAX_BAUD. If it's higher than B2000000 then we assume we're on an
architecture that supports all baud rates up to B4000000. Otherwise,
we simply don't support the baud rates above B2000000.
Fixes build failures such as:
SerialPort.cpp: In member function 'int LibSerial::SerialPort::Implementation::GetBitRate(const LibSerial::BaudRate&) const':
SerialPort.cpp:1226:14: error: 'BAUD_2000000' is not a member of 'LibSerial::BaudRate'
case BaudRate::BAUD_2000000:
Fixes:
- http://autobuild.buildroot.org/results/63ba95b6786464fa8e75af64593010df84530079
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The start-stop-daemon invocation to start abrmd was missing the -m (make
pidfile) option, causing stop to fail.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The configure script passes -U FORTIFY_SOURCE -D FORTIFY_SOURCE=2 by
default, which conflicts with BR2_FORTIFY_SOURCE_1 as -Werror is used:
<cross>-gcc .. -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 .. -D_FORTIFY_SOURCE=1
<command-line>:0:0: error: "_FORTIFY_SOURCE" redefined [-Werror]
Disable this so the FORTIFY_SOURCE flags in TARGET_CFLAGS (if any) is used
instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Stack protection is now controlled Buildroot wide with the BR2_SSP_*
options, so disable the explicit -fstack-protector-all so the SSP logic in
the toolchain wrapper is used instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Building with --enable-hardening (the default), forces -fstack-protector-all
/ FORTIFY_SOURCE=2. These options are now controlled Buildroot wide with
the BR2_SSP_* / BR2_FORTIFY_SOURCE_* options. Disable hardening so the
ssp/fortify settings in the toolchain wrapper / CFLAGS is used instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The configure script passes -U FORTIFY_SOURCE -D FORTIFY_SOURCE=2 by
default, which conflicts with BR2_FORTIFY_SOURCE_1 as -Werror is used:
<cross>-gcc .. -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 .. -D_FORTIFY_SOURCE=1
<command-line>:0:0: error: "_FORTIFY_SOURCE" redefined [-Werror]
Disable this so the FORTIFY_SOURCE flags in TARGET_CFLAGS (if any) is used
instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Stack protection is now controlled buildroot wide with the BR2_SSP_*
options, so disable the explicit -fstack-protector-all so the SSP logic in
the toolchain wrapper is used instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In 2.56.1 (when tested in a namespace sandbox that restricted what
the build could see on the host system), it was discovered that the
glib-networking build would check in /etc for the Certificate Authority
files. The newer version of this package no longer tests the build time
location of the Certificate Authority and resolves these build failures.
Fixes:
http://autobuild.buildroot.net/results/8f8/8f83be0c21c21c07d5a7330f3626b739b1970625
(and others http://autobuild.buildroot.net/?reason=glib-networking-2.56.1)
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The build fails because $(TARGET_DIR)/bin folder may not exist if for
example to use the following defconfig:
BR2_x86_64=y
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
BR2_SYSTEM_BIN_SH_DASH=y
BR2_TARGET_GENERIC_GETTY_PORT="tty1"
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/x86_64/linux.config"
BR2_PACKAGE_BUSYBOX_SHOW_OTHERS=y
BR2_PACKAGE_S6_LINUX_INIT=y
BR2_TARGET_ROOTFS_EXT2=y
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[Peter: use install -D]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This package contains a set of tools to manipulate RTC devices. They
are written and maintained by the RTC subsystem Linux kernel
maintainer, Alexandre Belloni.
Cc: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As suggested by Arnout, add a comment to indicate that the version of
python-setuptools must be kept in sync with python3-setuptools.
Suggested-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, our commit titles are not very well standardized, and it
would be great to standardize them a little bit more. A number of
people use "<pkg>: " as prefix, others use "package/<pkg>: ". Some
people start the rest of the commit title (after the prefix) with an
upper-case letter, some with a lower-case letter.
In an attempt to standardize this, this commit updates the manual with
some examples of good commit titles.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Carlos Santos <casantos@datacom.com.br>
Acked-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2018-1000858: Cross Site Request Forgery with arbitrary HTTPS
GET requests via HTTP redirect.
https://sektioneins.de/en/advisories/advisory-012018-gnupg-wkd.html
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The syscfg header name is now based on the target triplet, with the
vendor part set to "unknown". The symlink approach no longer works since
we use "buildroot" for the vendor part. Override the target host
configure parameter to match the build system expectation.
The x86 header vendor part has been renamed to "unknown" as well.
Account for that in BR2_PACKAGE_LIBGPG_ERROR_SYSCFG.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update hash for COPYING because a typo was fixed:
de46ee648a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Remove upstream patch.
While at it, switch to https.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop statx patch as it's included in this release.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
uclibc on m68k defines pthread_spinlock_t but does not define
pthread_spin_trylock so check for this function before using it
Fixes:
- http://autobuild.buildroot.org/results/0a6de11c030a4f39e402917809fc6d33fb463d1b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The meson C++ dependency is only used for a build-time header
inclusion test, add patch dropping hard meson C++ dependency
and build the header inclusion test only in case C++ compiler
is available.
Fixes [1]:
The Meson build system
Version: 0.49.0
Source dir: .../build/libinput-1.12.5
Build dir: .../build/libinput-1.12.5/build
Build type: cross build
Project name: libinput
Project version: 1.12.5
Native C compiler: cc (gcc 4.8.4 "cc (Ubuntu 4.8.4-2ubuntu1~14.04.4) 4.8.4")
Cross C compiler: .../host/bin/riscv64-buildroot-linux-gnu-gcc (gcc 7.4.0)
meson.build:1:0: ERROR: Unknown compiler(s): [['.../host/bin/riscv64-buildroot-linux-gnu-g++']]
The follow exceptions were encountered:
Running ".../host/bin/riscv64-buildroot-linux-gnu-g++ --version" gave "[Errno 2] No such file or directory: '.../host/bin/riscv64-buildroot-linux-gnu-g++': '.../host/bin/riscv64-buildroot-linux-gnu-g++'"
[1] http://autobuild.buildroot.net/results/bf4d3d360f635c3524a52b84a72d558770596ed0
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2018-20685: The scp client allows server to modify permissions
of the target directory by using empty ("D0777 0 \n") or dot ("D0777 0
.\n") directory name.
The bug reporter lists a number of related vulnerabilities that are not
fixed yet:
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since the bump to 1.5.3, the behavior of pkg-config has slightly
changed. Like it used to behave before this bump, a few paths (libdir,
includedir, etc.) are prefixed by the sysroot, and other paths are
not. However, the behavior changes when a path, such as dridriverdir,
is defined in terms of ${libdir}.
With the older pkg-config, dridriverdir was not sysroot-prefixed.
With the new pkg-config, it will be sysroot-prefixed, because
pkg-config really resolved the value of libdir, which is
sysroot-prefixed. dridriverdir is used on the target and not at build
time, so we don't want it to be sysroot-prefixed.
As reported by #11591, the xerver fail to load dri modules (r600_dri.so):
>From Xorg.0.log:
(EE) AIGLX error: dlopen of /full/path/to/sysroot/usr/lib/dri/r600_dri.so failed (/full/path/to/sysroot/usr/lib/dri/r600_dri.so: cannot open shared object file: No such file or directory)
(II) GLX: no usable GL providers found for screen 0
That's because the xserver hardcode the dri divers directory path in
DRI_DRIVER_PATH which come from
dridriverdir=`$PKG_CONFIG --variable=dridriverdir dri`
We can see in dri.pc that dridriverdir use libdir which is now prefixed
by the sysroot by pkgconf 1.5.3:
prefix=/usr
exec_prefix=/usr
libdir=${exec_prefix}/lib
includedir=${prefix}/include
dridriverdir=${libdir}/dri
Since we can't rely on pkgconf anymore, use
--with-dri-driverdir="/usr/lib/dri" to use explicitly "/usr/lib/dri"
instead of relying on dri.pc.
Tested using TestGlxinfo test from:
http://patchwork.ozlabs.org/patch/1021669/
Fixes:
https://bugs.buildroot.org/show_bug.cgi?id=11591
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas: drop double quotes in path, rework commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Move site to github
- Add gcc >= 5 dependency for C++14:
cafeffaa60
- Remove first patch and use --without-python instead
- Remove second patch (patch has been merged in 2015:
47ca0621cc)
- Add a new patch to fix build when size_t is an unsigned int
- Use new --disable-tests option
- Update license to BSD-3-Clause and replace COPYING by LICENSE.txt:
3f12abc045
- Add hash for license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Remove patch (rejected upstream:
https://gitlab.com/muttmua/mutt/merge_requests/25), an other solution
has been preferred:
78db40f25c). This
other solution doesn't require pkg-config, so we can drop the
host-pkgconf dependency.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Building python-numpy on ARC with glibc fails due to missing FE_*
definitions in <fenv.h>. These exceptions are not supported by
ARC architecture. Let's add patch, which disables compilation
of a part of the code in which FE_* errors occur for ARC.
ARCompact toolchain issues are already fixed in the latest toolchain.
Also since commit "311af5e8c2db887800639bc803c8201b6b70e9ce"
("toolchain/toolchain-buildroot: enable glibc for all little-endian
ARCs with atomic ops") glibc is available for ARCompact.
That is why in Config.in we are leaving only "BR_arc" and
removing comments, which are not actual.
Signed-off-by: Evgeniy Didin <didin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: arc-buildroot@synopsys.com
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The zbar upstream previously used has been abandoned since 2012.
The linuxtv fork appears to be the most actively maintained fork.
Removed all patches which are merged upstream or fixed upstream.
Changed configure flags to match new upstream.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
