The scp download helper is broken when the server URL starts with 'scp://'.
Such prefix is used in two situations:
1. to let FOO_SITE point to an scp location without explicitly having to set
'FOO_SITE_METHOD = scp'
2. when BR2_PRIMARY_SITE or BR2_BACKUP_SITE points to an scp location. In
this case, there is no equivalent of 'SITE_METHOD'.
Strip out the scheme prefix, similarly to how the 'file' download helper
does it. That helper has the same cases as above.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The latest (0.17.4) tn5250 release is from 2008, doesn't build with openssl
1.1.x and was dropped from Debian in 2011 because nobody cared to maintain
it:
https://packages.qa.debian.org/t/tn5250.html
Given all of that, it is unlikely to be used much, so remove it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
* CVE-2019-3814: If imap/pop3/managesieve/submission client has
trusted certificate with missing username field
(ssl_cert_username_field), under some configurations Dovecot
mistakenly trusts the username provided via authentication instead
of failing.
* ssl_cert_username_field setting was ignored with external SMTP AUTH,
because none of the MTAs (Postfix, Exim) currently send the
cert_username field. This may have allowed users with trusted
certificate to specify any username in the authentication. This bug
didn't affect Dovecot's Submission service.
For more details, see the announcement:
https://www.dovecot.org/list/dovecot-news/2019-February/000394.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For the general case, appending values to variables is OK and also a
good practice, like this:
|PACKAGE_VAR = value1
|ifeq ...
|PACKAGE_VAR += value2
or this, when the above is not possible:
|PACKAGE_VAR = value1
|ifeq ...
|PACKAGE_VAR := $(PACKAGE_VAR), value2
But this override is an error:
|PACKAGE_VAR = value1
|PACKAGE_VAR = value2
as well as this one:
|ifeq ...
|PACKAGE_VAR += value1
|endif
|PACKAGE_VAR = value2
And this override is error-prone:
|PACKAGE_VAR = value1
|ifeq ...
|PACKAGE_VAR = value2
Create a check function to warn about overridden variables.
Some variables are likely to have a default value that gets overridden
in a conditional, so ignore them. The names of such variables end in
_ARCH, _CPU, _SITE, _SOURCE or _VERSION.
After ignoring these variable names, there are a few exceptions to this
rule in the tree. For them use the comment that disables the check.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Simon Dawson <spdawson@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
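The check described in the commit message above, sketched as an added example; it is not the check-package code that the commit introduces. The function name, the result labels and the BR2_PACKAGE_FOO sample makefile are assumptions, and the comment that disables the check is not implemented.

```python
import re

# Matches 'VAR = x', 'VAR := x' and 'VAR += x'; '?=' is deliberately not matched.
ASSIGNMENT = re.compile(r"^\s*([A-Z0-9_]+)\s*(\+=|:=|=)\s*(.*)$")
START_CONDITIONAL = re.compile(r"^\s*(ifeq|ifneq|ifdef|ifndef)\b")
END_CONDITIONAL = re.compile(r"^\s*endif\b")
# Suffixes listed in the commit message as commonly overridden on purpose.
USUALLY_OVERRIDDEN = ("_ARCH", "_CPU", "_SITE", "_SOURCE", "_VERSION")


def find_overrides(text):
    """Return (line_number, variable, kind) for each overriding assignment."""
    findings = []
    depth = 0               # nesting level of conditional blocks
    unconditional = set()   # variables assigned outside any conditional
    conditional = set()     # variables assigned inside a conditional
    for lineno, line in enumerate(text.splitlines(), start=1):
        if START_CONDITIONAL.match(line):
            depth += 1
            continue
        if END_CONDITIONAL.match(line):
            depth = max(depth - 1, 0)
            continue
        m = ASSIGNMENT.match(line)
        if not m:
            continue
        name, op, value = m.groups()
        if name.endswith(USUALLY_OVERRIDDEN):
            continue
        # '+=' and 'VAR := $(VAR), more' keep the previous value.
        appends = op == "+=" or "$(%s)" % name in value
        if not appends:
            if depth > 0 and name in unconditional:
                findings.append((lineno, name, "conditional override"))
            elif depth == 0 and (name in unconditional or name in conditional):
                findings.append((lineno, name, "override"))
        (conditional if depth else unconditional).add(name)
    return findings


# Constructed sample covering the five patterns from the commit message.
SAMPLE = """\
PACKAGE_OPTS = value1
ifeq ($(BR2_PACKAGE_FOO),y)
PACKAGE_OPTS += value2
endif
PACKAGE_DEPS = value1
PACKAGE_DEPS = value2
PACKAGE_VERSION = 1.0
ifeq ($(BR2_PACKAGE_FOO),y)
PACKAGE_VERSION = 2.0
PACKAGE_LICENSE += value1
endif
PACKAGE_LICENSE = value2
PACKAGE_CFLAGS = value1
ifeq ($(BR2_PACKAGE_FOO),y)
PACKAGE_CFLAGS = value2
PACKAGE_OPTS := $(PACKAGE_OPTS), value3
endif
"""

if __name__ == "__main__":
    for lineno, name, kind in find_overrides(SAMPLE):
        print("line %d: %s: %s" % (lineno, name, kind))
```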
When building statically zbar, build fails on:
configure: error: unable to find libv4l.so
The following errors are raised in config.log:
configure:19371:
/home/buildroot/buildroot-test/instance-0/output/host/bin/arm-linux-gcc -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -g2 -static -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -static conftest.c -lv4l2 -lpthread >&5
/home/buildroot/buildroot-test/instance-0/output/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libv4l2.a(libv4l2_la-libv4l2.o): In function `v4l2_set_src_and_dest_format':
/home/buildroot/buildroot-test/instance-0/output/build/libv4l-1.16.2/lib/libv4l2/libv4l2.c:952: undefined reference to `v4lconvert_supported_dst_format'
To fix this error, bump to version
57d601e82089f2f31de9e1683c3834f237421f5d to replace AC_CHECK_LIB by
PKG_CHECK_MODULES to find the correct library (-lv4lconvert but also
-ljpeg, ...)
Fixes:
- http://autobuild.buildroot.org/results/acf39e4754508d7ee49e21f08ff0a1fcac4fb7cd
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The patches enable two new API configurations, one for OpenSSL 1.1.x
and the other LibreSSL.
A dependency is added to use the Buildroot host tool openssl to
create headers (dh512.h). This resolves a host OS mismatch with
openssl versions. (The Makefile does this generation as part of
the initial build)
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The password is used in multiple places, so add a constant for it instead of
hardcoding it multiple times.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch bumps the Linux CIP version to v4.4.171-cip30 and updates the
download url to the new official one.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Failure output
SecurityCertificateManager.lo
SecurityCertificateManager.cpp: In static member function 'static void dtn::security::SecurityCertificateManager::validateSubject(X509*, const string&)':
SecurityCertificateManager.cpp:208:53: error: 'memcmp' was not declared in this scope
if(memcmp(utf8_eid, utf8_cert_name, utf8_eid_len) == 0){
Upstream
122fa8ed49
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit f88947c2fe (package/mender: adding systemv init file) added an init
script, but the installation logic referred to S04mender instead of S42mender.
Update the installation logic to match the file name.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[Peter: expand commit message description]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some package builds may fail when environment variables are present with the
same names as make variables in a package. This is a bigger problem for
environment variables with generic names, like 'PLATFORM' and 'OS'.
'PLATFORM' is for example a problem for host-acl.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch adds a readme file with basic instructions to get mender up
and running on a production system.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Acked-by: <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In order to have the mender package working out of the box, the
/etc/mender/device_type should be present and should contain a
valid device_type value.
This patch provides a default file that can be overridden easily
from an overlay.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Acked-by: <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In order to have the mender package working out of the box, the
/etc/mender/artifact_info should be present and should contain a
valid artifact_name value.
This patch provides a default file that can be overridden easily
from an overlay.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Acked-by: <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch adds a service file for the init system v.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Acked-by: <aduskett@gmail.com>
Reviewed-by: Titouan Christophe <titouan.christophe@railnova.eu>
[Peter: fix typo in stop()]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mender needs /var/lib/mender to be writable at the service start, the
path is hardcoded and thus we cannot change it.
This patch solves the problem using the same approach we have for
dropbear.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/a5b/a5bd8969c398fc3101ffaec4aa715a827aec5770/
http://autobuild.buildroot.net/results/441/44112e8ad03f47125bbf4b231d800ebd5beef24b/
After commit 122089ad (package/netsurf: use TMP_PREFIX inside the build
directory), the build fails with:
COMPILE: src/stylesheet.c
In file included from src/stylesheet.c:12:0:
src/stylesheet.h:14:39: fatal error: libwapcaplet/libwapcaplet.h: No such file or directory
#include <libwapcaplet/libwapcaplet.h>
The reason is that netsurf installs its internal libraries to TMP_PREFIX
during the build, and uses pkg-config to add the correct include/linker
flags when building/linking the rest. Unfortunately this fails badly, as we
prefix STAGING_DIR to the paths returned by pkg-config, causing gcc to fail
to find the header / library files.
This worked (by accident) when we pointed TMP_PREFIX to STAGING_DIR/usr, as
STAGING_DIR/usr/include and STAGING_DIR/usr/lib are in the standard
include/library search paths.
Fix it by adding TMP_PREFIX/include and TMP_PREFIX/lib to the
include/library search paths. We cannot easily add them to CFLAGS/LDFLAGS
as the makefiles do not use override when appending to them, so instead pass
both in CC (which is also used for linking).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add a branch to the static repo and check on the git refs test case the
download of a git package:
- with a sha1 reachable by a branch name, but not pointed by it, as
version. This is the most common use case for git refs in the tree;
- with a partial sha1 of a commit reachable by a branch as version;
- with a sha1 of the commit head of a branch as version;
- with a partial sha1 of the commit head of a branch as version;
Enforce the download always occurs by removing the BR2_DL_DIR used for
the tarballs generated by the git download infra.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@datacom.ind.br>
Cc: Arnout Vandecappelle <arnout@mind.be>
Tested-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Some statements are missing their semicolons.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Acked-by: <angelo@amarulasolutions.com>
Tested-by: <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
With javascript, when comparing variables, using === instead of ==
is preferred.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Acked-by: <angelo@amarulasolutions.com>
Tested-by: <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In javascript, let is preferred for local, var is preferred for global.
Change any local variables from "var" to "let"
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Acked-by: <angelo@amarulasolutions.com>
Tested-by: <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Don't override the user-provided ARCH when cross-compiling otherwise
ARCH won't be correct for armv5, aarch64 and x86_64
Fixes:
- http://autobuild.buildroot.org/results/2dfc0e10da25a8382a43557420d7dc3444c02dbb
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- use BR2_TOOLCHAIN_HAS_UCONTEXT
This is used to set -DOPENSSL_NO_ASYNC if needed.
- apply the CFLAGS correctly when compiling with -Os (bugfix).
- use -latomic when needed
This fixes the build for br-sparc-uclibc-2018.05
- don't use madvise() if no MMU
Trying to do so results in undefined reference to madvise() as
it is not available on uclibc without MMU.
The original openssl code checks if a macro used in the madvise call
is defined. The problem comes from the fact that the code in
crypto/mem_sec.c also includes a kernel header defining the same macro
unconditionally. Thus the check is always true in that case.
Upstream: https://github.com/openssl/openssl/pull/8089
- don't compile test/fuzzers
These binaries introduced with 1.1.x sometimes do not compile.
This is the case with the br-arm-cortex-m4-full toolchain
- don't build ocsp daemon if no MMU.
Patch from Richard Levitte.
- correctly enable cryptodev engine
Thanks to Arnout Vandecappelle for spotting this.
- remove all parallel build patches (openssl build-system changed)
- rebased 0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
to apply to Configurations/unix-Makefile.tmpl (Makefile template)
- removed 0002-cryptodev-Fix-issue-with-signature-generation.patch
(upstream applied)
- rebased 0003-Reproducible-build-do-not-leak-compiler-path.patch to
apply to crypto/build.info (Makefile template)
- fix musl/uclibc build failure, use '-DOPENSSL_NO_ASYNC'
- remove legacy enable-tlsext configure option
- remove target/host libdir configure options, fixes openssl.pc installation
path, fixes wget compile
- change legacy INSTALL_PREFIX to DESTDIR
- remove 'libraries gets installed read only, so strip fails'
workaround (not needed anymore)
- change engine directory from /usr/lib/engines to
/usr/lib/engines-1.1
- change license file hash, no license change, only the following
hint was removed:
Actually both licenses are BSD-style Open Source licenses.
In case of any license issues related to OpenSSL please
contact openssl-core@openssl.org.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Tested-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
GCC uses thunk functions to adjust the 'this' pointer when calling C++
member functions in classes derived with multiple inheritance.
Generation of thunk functions requires support from the compiler back
end. In the absence of that support target-independent code in the C++
front end is used to generate thunk functions, but it does not support
vararg functions.
Support for this feature is currently missing in or1k and xtensa
toolchains.
Add hidden option BR2_TOOLCHAIN_SUPPORTS_VARIADIC_MI_THUNK that
indicates presence of this feature in the toolchain. Add dependency to
packages that require this feature to be built.
Fixes:
http://autobuild.buildroot.net/results/c9e660c764edbd7cf0ae54ab0f0f412464721446/
http://autobuild.buildroot.net/results/9a3bf4b411c418ea78d59e35d23ba865dd453890/
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Switching to CMake as the autotools are not crosscompiler compatible.
Removed the patches related to autotools as no longer used.
Added patch to avoid linker issue.
Added license hash.
Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
setlocalversion will use 'hg id' to determine whether or not the current
revision is tagged. If there is no tag, the Mercurial revision is printed,
otherwise nothing is printed.
The problem is that the user may have custom configuration settings (in
their ~/.hgrc file or similar) that changes the output of 'hg id' in a way
that the script does not expect. In such cases, the Mercurial revision may
not be printed or printed incorrectly.
It is good practice to ignore the user environment when calling Mercurial
commands from a well-defined script, by setting the environment variable
HGRCPATH to the empty string. See also 'hg help environment'.
In the particular case of Nokia, a custom extension adds dynamic tags in the
repository, i.e. tags that are stored in a file external to the repository
and only visible when the extension is active. These tags should not
influence the behavior of setlocalversion as they are not official Buildroot
tags, i.e. even if a revision is tagged, the Mercurial revision should still
be printed.
Note that this still does not solve the problem where an organization adds
_real_ tags in their Buildroot repository. For example, there might be a
moving tag 'last-validated' or tags indicating in which product release that
Buildroot revision was used. In these cases, setlocalversion will still not
behave as expected, i.e. show the Mercurial revision.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When Buildroot is stored in a Mercurial repository on a branch other than
'default' ('master' in git terms), setlocalversion (used to populate
/etc/os-release) will incorrectly think that this is a tagged version and
will NOT print out the revision hash.
This is due to the fact that the output of 'hg id' is assumed to be
"<revision> <tags-if-any>"
but when on a branch it actually is:
"<revision> (<branch>) <tags-if-any>"
To let setlocalversion receive the output it expects, explicitly ask 'hg id'
to retrieve only the revision hash and any tags, omitting any branch
information.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Rtmpdump does not support openssl 1.1.x, has not seen any changes upstream
since 2015, is only used with the gnutls backend in Debian and Fedora.
There exists a 3rd party patch for openssl 1.1.x support:
https://github.com/JudgeZarbi/RTMPDump-OpenSSL-1.1
But there is an open issue reported about a crash in the handshake code
(which is modified by the patch):
https://github.com/JudgeZarbi/RTMPDump-OpenSSL-1.1/issues/1
And the README for the repo states:
I modified a few of the files in the librtmp directory to conform to the new
getters and setters in OpenSSL 1.1.0. I don't claim to be a security
expert, and neither have I had any experience with OpenSSL in a programming
sense, so I'm not sure exactly if it's correct, but it compiles and seems to
work for what I use it for.
Which does not sound very reassuring, so instead drop the openssl support.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
All upcoming tests for git refs will rely on the return code of make to
determine whether a git ref can be downloaded or not and also to
determine whether the downloaded content is correct (all of this taking
advantage of the check-hash mechanism already in place for git
packages).
So to avoid false results i.e. in the case the check-hash mechanism
becomes broken in the master branch, add some sanity checks before the
actual test of download git refs.
Add the minimum test case for git refs containing only sanity checks.
Reuse the commit in the static repo.
Add a br2-external with two packages to check that:
- trying to download an invalid sha1 generates an error;
- downloading a valid sha1 that contains unexpected content generates
an error.
In order to ease the maintenance and review, each upcoming patch adding
checks to this test case will add at the same time the commits to the static
repo, the equivalent packages to the br2-external and code to the test
case.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@datacom.ind.br>
Cc: Arnout Vandecappelle <arnout@mind.be>
Tested-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
From the releases at https://github.com/oetiker/rrdtool-1.x/releases
which mentions this is not a user facing release but attempts to
be more robust against odd input.
Signed-off-by: Charles Hardin <charles.hardin@storagecraft.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Pypi now provides a sha256 hash as well.
Drop 0001-setup.py-make-pip-optional.patch as upstream has now completely
removed the docker-py checks:
accb9de52f
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The riscv-glibc repository version of glibc 2.26 will build for
RISC-V 32bit, but when many packages are built against the resulting
library an 'unknown type name mcontext_t' error is reported. The
definition of mcontext_t in the ucontext.h header file needs to be
moved outside of the '#ifdef __USE_MISC' structure to fix this
issue.
Fixes:
http://autobuild.buildroot.net/results/5aa9cb29c459f511dc9c4fcf218dc9a842505aa3
Signed-off-by: Mark Corbin <mark.corbin@embecosm.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Utility for testing pluggable authentication modules (PAM) facility.
While specifically designed to help PAM module authors to test their
modules, that might also be handy for system administrators interested
in building a centralised authentication system using common standards
such as NIS, SASL and LDAP.
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[Peter: drop spelling fix patch]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The compiler recognizes a specific 'march' value for Octeon III processors,
so create a 'Target Architecture Variant' entry for it in the target menu.
Note: support for '-march=octeon3' was added in gcc 5.x. However, the
official compiler provided by Marvell (Cavium Networks) uses gcc 4.7.x (and
supports -march=octeon3 via their own modifications). For this reason, no
line 'select BR2_ARCH_NEEDS_GCC_AT_LEAST_5' is added.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The compiler recognizes a specific 'march' value for Octeon II processors,
so create a 'Target Architecture Variant' entry for it in the target menu.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
It's unclear why Buildroot only defined MIPS 32/64 releases 1, 2, 5 and 6
while 3 exists as well.
Interesting fact:
"Release 4 was skipped because the number four is perceived as unlucky in
many Asian cultures."
https://en.wikipedia.org/wiki/MIPS_architecture#MIPS32/MIPS64
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>