Security fixes:
- CVE-2017-7468: switch off SSL session id when client cert is used
Full changelog: https://curl.haxx.se/changes.html
Removing 0001-CVE-2017-7407.patch. It's included in this release:
1890d59905
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Xenomai has many configure options that users may or may not want to set.
Providing individual Buildroot config options for every single one of them
is not maintainable.
Therefore, add a string option to allow the needed flexibility.
Important options, or those that have 'select/depends on' impact, can still
be turned into real Buildroot config options.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
[Thomas: rewrap Config.in help text.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add a config option to enable the Xenomai registry, which allows accessing
internal Xenomai state.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
[Thomas:
- add missing Config.in comment.
- rewrap Config.in help text.
- tweak the .mk file logic for the registry path to avoid the super
long line.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Xenomai 3 installs quite some utils and other programs to the target
filesystem, many of which will not be used by most users.
As it is currently unclear which utils are effectively useful, and as it is
undesirable to create config options for each individual util, remove all
remaining utils such that only the Xenomai libraries remain.
At the point it becomes clear that certain utils _are_ desired by some
users, we can identify how to group them in relevant config options.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since Xenomai 3, the list of installed binaries/scripts of the testsuite is
different than before.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since Xenomai 3, the list of files installed for Analogy is longer, causing
the extra files to remain on the target filesystem even if Analogy is not
selected.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Xenomai has a skin 'Smokey' that Buildroot is currently unaware of, which
means that the associated files are present on target even though most users
will not need them.
Add a config option and associated logic to remove the skin if not selected.
Additionally, fixup order of VxWorks skin removal entry.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Clarify the Xenomai config options by grouping the skin-related options in a
separate menu.
Additionally:
- update proper capitalization of skin names
- sort entries
- replace 'skin library' by 'skin' to match the terminology in Xenomai
sources
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since the introduction of Xenomai 3, the native skin is dubbed Alchemy.
Update the config menu (but leave the symbol name to avoid hurting existing
users needlessly) and fix the unselected-skin cleanup code.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Xenomai sources contain much more license files than we currently list, so
complete the current list.
Based on:
find | grep -Ei 'copying|license|copyright' | sort
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
0001-nodoc.patch is no longer necessary since a new --disable-doc
configure option has been added by this commit:
https://dev.mutt.org/hg/mutt/rev/b45bfce1bb0e
Use that option and remove the patch. Since we are not patching
Makefile.am we also don't need to autoreconf.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Ensure that GTest is compiled with -fPIC to allow linking the static
libraries with dynamically linked programs. This is not a requirement
for most architectures but is mandatory for ARM.
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Currently the check-package script uses many files in the same
directory. This commit keeps the main script in support/scripts/ and
moves the rest into a subdirectory.
The modules were previously prefixed to make it easy to identify which
script they belong to. This is no longer needed when using a
subdirectory, so the prefix is removed.
Note: if this commit is checked out and the script is run, and later on
a previous version is checked out, the file
support/scripts/checkpackagelib/__init__.pyc needs to be manually
removed to prevent Python interpreter to look for checkpackagelib
package when only the checkpackagelib module is available.
Reported-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The removal of the .git dir before creating the tarball is not anymore
just an optimization. It is necessary to make the tarball reproducible.
Also, without the removal, large tarballs (gigabytes) would be created
for some linux trees.
Update the comment accordingly.
Reported-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
CVE-2017-5461 - Out-of-bounds write in Base64 encoding in NSS. Might cause
remote arbitrary code execution
(https://access.redhat.com/errata/RHSA-2017:1100).
CVE-2017-5462 - DRBG flaw in NSS
Drop 0001-cross-compile.patch and TARGET* variables. Upstream Makefile now
allows override of CC, so use TARGET_CONFIGURE_OPTS instead.
Drop upstream 0003-it-uninitialized-fix.patch.
Renumber the remaining patch.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The latest docker-engine release changes the vendor tree slightly. The
Go tool will recognize a ./vendor directory and use it as a vendor tree
automatically, but only when run inside a valid GOPATH. This patch
adjusts how the GOPATH is built - now docker/docker is linked into a
blank tree, and the Go tool recognizes the ./vendor directory correctly.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The patch for linux vdk defconfig introduced ARC_SMP_HALT_ON_RESET
config symbol. In fact that is not required as this symbol is enabled by
default if ARC_UBOOT_SUPPORT config symbol is set (and it is set in
vdk configs).
Also this commit fixes build failure, pointed us by Arnout:
https://gitlab.com/buildroot.org/buildroot/builds/14419270
Signed-off-by: Vlad Zakharov <vzakhar@synopsys.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The toolchain name was calculated in main() for reporting to the user,
and again in build_one() for creating the build directory. Calculate
it only once, in main(), and pass the build directory as an argument
to build_one().
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
libunwind use sigreturn() while building for x86 [1] but this function
is not available with uClibc-ng.
This throw a warning during libunwind build:
In file included from x86/Los-linux.c:4:0:
x86/Gos-linux.c: In function ‘_ULx86_local_resume’:
x86/Gos-linux.c:298:7: warning: implicit declaration of function ‘sigreturn’ [-Wimplicit-function-declaration]
sigreturn (sc);
^
But any program trying to link against libunwind-generic.so fail to build:
[...]usr/lib/libunwind-generic.so: undefined reference to `sigreturn'
collect2: error: ld returned 1 exit status
Disable libunwind for x86 target when uClibc-ng is used.
Fixes:
http://autobuild.buildroot.net/results/54a/54afac8148cff5f3c17e83f80917fd9006948fe0//build-end.log
[1] http://git.savannah.gnu.org/gitweb/?p=libunwind.git;a=blob;f=src/x86/Gos-linux.c;h=17aebc2974af50eb0bf8292689b2ed22a4c97866;hb=HEAD#l299
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
There is no configure option to enable/disable libunwind support.
See efl/m4/efl_libunwind.m4
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Without pkg-config PKG_CHECK_MODULES won't be expanded
and ./configure script produces following error message:
./configure: line 13810: syntax error near unexpected token `FUSE,'
./configure: line 13810: ` PKG_CHECK_MODULES(FUSE, fuse)'
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We have started using SPDX short identifier for license string in
<PKG>_LICENSE variable. But license strings in comments are still
using old strings. For consistency, use SPDX short identifier in
comments as well.
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We add -Wno-error to not error out on warnings, which would otherwise
cause build failures.
Signed-off-by: Christian Stewart <christian@paral.in>
[Thomas: as suggested by Baruch, use -Wno-error instead of disabling
specific warnings.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This reverts commit e87644cb2a.
The issue is now fixed in Xenomai, let use Xenomai obstack support
if it's not already available from the libc.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The configure script check whether the underlying libc provides for
native obstack support, only building Xenomai replacement code if not.
This as been tested against uClibc 1.0.22, and common glibc releases.
Backport the patch provided by uptream.
Add XENOMAI_AUTORECONF=YES since the patch modify configure.ac.
[1] http://xenomai.org/pipermail/xenomai/2017-April/037272.html
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
