Gnutls is building with no default location to look for CA certs. Since
there are buildroot packages to provide these, configure it to use them
by default.
Configure gnutls to find them using the bundle file which contains all
certs, rather than looking in the cert directory. When gnutls is told
to use the directory, it loads *every* file in it. This means it loads
the bundle with all certs, then loads each cert a second time using the
individual pem files, and then loads them all the third time via the
hash symlinks to the pem files.
When p11-kit is enabled, use its trust module instead of the bundle
file. p11-kit can be configured to use the bundle (the default), but it
can do other things too, such as integrate with the "trust" command for
adding and removing trust anchors.
Signed-off-by: Trent Piepho <tpiepho@impinj.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following check-package warning:
package/docker-cli/docker-cli.mk:1: should be 80 hashes (http://nightly.buildroot.org/#writing-rules-mk)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Docker upstream has split the Docker daemon and CLI into separate
codebases:
- github.com/docker/engine: daemon, "dockerd" binary
- github.com/docker/cli: "docker" command line interface
This commit splits the docker-engine package into docker-engine and
docker-cli. Conveniently, the Docker project has begun maintaining
two separate release-tagged repositories for the CLI and daemon as of
v18.06-ce-rc1. Previous versions were tagged in a common "docker-ce"
repository which makes compilation awkward for Buildroot, especially
due to some limitations in the new Go package infrastructure.
Docker repositories "engine" and "cli" recently started tagging
releases. Select the latest stable release, v18.09.0.
The CLI is no longer automatically included with the engine. Users
will need to select BR2_PACKAGE_DOCKER_CLI to produce a both docker
and dockerd target binaries.
Docker CLI can be statically compiled. This enables usage of the
system docker client binary to access the parent daemon API from
within containers, where shared libraries are not available.
While at it, drop the useless host-go dependency from docker-engine,
since it's already added by the golang-package infrastructure.
Signed-off-by: Christian Stewart <christian@paral.in>
[Thomas: drop the host-go dependency from both docker-cli and
docker-engine]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit extends the scancpan script to automatically generate a
test for the Perl module, either if the Perl module uses native
library, or if it has more than one dependency.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit backports an upstream patch that fixes the build of
dt-utils with glibc 2.28+.
Fixes bug #11536.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
fstatfs/statfs on aarch64 seems broken, add a patch from uClibc-ng
upstream git to fix it.
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This bump also includes the fix for CVE-2018-6556 released in 3.0.2 via
commit "CVE 2018-6556: verify netns fd in lxc-user-nic": lxc-user-nic
when asked to delete a network interface will unconditionally open a
user provided path:
c1cf54ebf2
This code path may be used by an unprivileged user to check for the
existence of a path which they wouldn't otherwise be able to reach. It
may also be used to trigger side effects by causing a (read-only) open
of special kernel files (ptmx, proc, sys).
Also add a dependency on gcc >= 4.7
(https://github.com/lxc/lxc/issues/2592)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This reverts commit 178eb1d7ea. This
bump causes too many build failures in reverse dependencies of
libglib2, for which a proper solution needs to be found.
See also the analysis from Yann E. Morin:
http://lists.busybox.net/pipermail/buildroot/2018-December/237663.html
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Update second patch
- Remove third and fifth patches (already in version)
- Add a new patch to fix a missing header
- Add LIBGLIB2_GTK_DOC_HOOK so autoreconf do not fail on the following
error:
automake: error: cannot open < gtk-doc.make: No such file or directory
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
realpath is missing on oldish distributions, like Debian 7, which is
still used in the wild.
Use readlink instead; that has been available since the dawn of ages now
(well, coreutils had it in 2003).
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libtorrent is a feature complete C++ bittorrent implementation
focusing on efficiency and scalability.
https://www.libtorrent.org/
Signed-off-by: Philipp Richter <richterphilipp.pops@gmail.com>
[Thomas: license is BSD-3c, not BSD-2c]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Currently, luarocks.mk generates a configuration file with hardcoded
STAGING_DIR, TARGET_DIR, TARGET_CC, LUAROCKS_CFLAGS and TARGET_LDFLAGS
values. This is not compatible with per-package directories, where the
value of STAGING_DIR, TARGET_DIR, TARGET_CC and possibly
TARGET_CFLAGS/TARGET_LDFLAGS may be different from one package to the
other.
Based on input from François Perrad, this commit:
- Changes the Luarocks configuration file to use os_getenv() for the
appropriate variables. Since the contents of this file is not
fixed, it is no longer generated by luarocks.mk using a series of
'echo' but simply concatenated with the rest of the Luarocks
configuration file.
- Adjusts LUAROCKS_RUNV_ENV so that the necessary environment
variables are now passed.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some filesystems may want to tweak their output names, rather than using
the fixed "rootfs.foo" scheme. Add a ROOTFS_FOO_IMAGE_NAME variable for
this purpose.
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
[yann.morin.1998@free.fr: fix the patch]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Remove all patches except the first one as they are already in this
version
- Remove AUTORECONF = YES as we're not patching any *.ac files anymore
- Disable new nhrpd option
- Add hash for license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
c-ares has a LICENSE.md file since version 1.12 and
4e861351d9
So use it instead of one of the source file and add its hash
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
c-ares has a LICENSE.md file since version 1.12 and
4e861351d9
So use it instead of one of the source file and add its hash
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Archive file name changed from msgpack-python to msgpack
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since bump to version 0.99.21 and commit
b20c77321f, BR2_PACKAGE_QUAGGA_TCP_ZEBRA
has been wrongly rename into BR2_PACKAGE_QUAGGA_TCP_ZERBRA
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The 2016.05-06 toolchain we've had support for is pretty outdated at
this point, so update to the latest 2018.09-02 version.
Of note besides the typical component version bumps:
- The toolchains are now provided by MIPS Tech LLC after its departure
from Imagination Technologies.
- The download site changed as a result of that.
- The toolchains are now built targeting CentOS 6 rather than CentOS 5.
Signed-off-by: Paul Burton <paul.burton@mips.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The 2016.05-06 toolchain we've had support for is pretty outdated at
this point, so update to the latest 2018.09-02 version.
Of note besides the typical component version bumps:
- The toolchains are now provided by MIPS Tech LLC after its departure
from Imagination Technologies.
- The download site changed as a result of that.
- The toolchains are now built targeting CentOS 6 rather than CentOS 5.
Signed-off-by: Paul Burton <paul.burton@mips.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security vulnerability:
CVE-2018-19591: A file descriptor leak in if_nametoindex can lead to a
denial of service due to resource exhaustion when processing getaddrinfo
calls with crafted host names. Reported by Guido Vranken.
Adhemerval Zanella (2):
Fix misreported errno on preadv2/pwritev2 (BZ#23579)
x86: Fix Haswell CPU string flags (BZ#23709)
Alexandra Hájková (1):
Add an additional test to resolv/tst-resolv-network.c
Andreas Schwab (2):
Fix stack overflow in tst-setcontext9 (bug 23717)
libanl: properly cleanup if first helper thread creation failed (bug 22927)
DJ Delorie (2):
malloc: tcache double free check
malloc: tcache double free check
Florian Weimer (9):
conform: XFAIL siginfo_t si_band test on sparc64
stdlib/test-bz22786: Avoid spurious test failures using alias mappings
stdlib/test-bz22786: Avoid memory leaks in the test itself
support_blob_repeat: Call mkstemp directory for the backing file
stdlib/tst-strtod-overflow: Switch to support_blob_repeat
nscd: Fix use-after-free in addgetnetgrentX [BZ #23520]
support: Print timestamps in timeout handler
Revert "malloc: tcache double free check" [BZ #23907]
CVE-2018-19591: if_nametoindex: Fix descriptor for overlong name [BZ #23927]
H.J. Lu (2):
i386: Use _dl_runtime_[resolve|profile]_shstk for SHSTK [BZ #23716]
Check multiple NT_GNU_PROPERTY_TYPE_0 notes [BZ #23509]
Ilya Yu. Malakhov (1):
signal: Use correct type for si_band in siginfo_t [BZ #23562]
Istvan Kurucsai (1):
malloc: Additional checks for unsorted bin integrity I.
Joseph Myers (2):
Update syscall-names.list for Linux 4.18.
Update kernel version in syscall-names.list to 4.19.
Moritz Eckert (1):
malloc: Mitigate null-byte overflow attacks
Paul Eggert (1):
Fix tzfile low-memory assertion failure
Paul Pluzhnikov (2):
Fix BZ#23400 (creating temporary files in source tree), and undefined behavior in test.
[BZ #20271] Add newlines in __libc_fatal calls.
Pochang Chen (1):
malloc: Verify size of top chunk.
Rafal Luzynski (1):
kl_GL: Fix spelling of Sunday, should be "sapaat" (bug 20209).
Stefan Liebler (2):
Fix race in pthread_mutex_lock while promoting to PTHREAD_MUTEX_ELISION_NP [BZ #23275]
Test stdlib/test-bz22786 exits now with unsupported if malloc fails.
Szabolcs Nagy (2):
i64: fix missing exp2f, log2f and powf symbols in libm.a [BZ #23822]
Increase timeout of libio/tst-readline
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
qt5 currently doesn't use HOSTCC/HOSTCXX, so it doesn't use ccache
when building all its host code (especially qmake). This means that
even with ccache enabled and a hot cache, it still takes a long time
to build qt5base.
Before this patch, building qt5base takes:
- 446 seconds with a cold ccache
- 185 seconds with a hot ccache
This is because the ccache is not used for host code.
After this patch, building qt5base takes:
- 450 seconds with a cold ccache
- 15 seconds with a hot ccache
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mini SNMPd is a minimal implementation targeted at small or embedded
UNIX systems with limited resources.
Signed-off-by: Alexander Sverdlin <alexander.sverdlin@gmail.com>
[Thomas: add hash file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
