With Microblaze Gcc version <= 9.x the build fails due to gcc bug 68485:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68485. The bug show up when
building opencv3 with optimization but not when building with -O0. To
work around this, if BR2_TOOLCHAIN_HAS_GCC_BUG_68458=y, we force using
-O0.
Fixes:
- http://autobuild.buildroot.org/results/c78eac84d1c5a6702e7759cd5364da1c3e399b4b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We can't use dosfstools' install target, because it'll install *all*
binaries, even the disabled ones. Also, we can't just delete dosfstools
binaries from the target directory after installing them, because other
packages (specifically Busybox) may provide tools of the same name, and
we may end up deleting those instead.
To avoid any issues, we create our own install routines, which only
copy the enabled binaries into the target location.
Signed-off-by: Markus Mayer <mmayer@broadcom.com>
[Thomas: use full destination path for INSTALL commands.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Provide additional details on how Mender works within Buildroot.
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
[Thomas: remove duplicate "Default configuration files" title, rewrap
text]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
(3.41) CVE-2018-12404: Cache side-channel variant of the Bleichenbacher
attack
(3.42.1) CVE-2018-18508: Add additional null checks to several CMS functions
to fix a rare CMS crash. Thanks to Hanno Böck and Damian Poddebniak for the
discovery and fixes
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
Prevent over long nonces in ChaCha20-Poly1305 (CVE-2019-1543)
ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for
every encryption operation. RFC 7539 specifies that the nonce value (IV)
should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and
front pads the nonce with 0 bytes if it is less than 12 bytes. However it
also incorrectly allows a nonce to be set of up to 16 bytes. In this case
only the last 12 bytes are significant and any additional leading bytes are
ignored.
It is a requirement of using this cipher that nonce values are unique.
Messages encrypted using a reused nonce value are susceptible to serious
confidentiality and integrity attacks. If an application changes the
default nonce length to be longer than 12 bytes and then makes a change to
the leading bytes of the nonce expecting the new value to be a new unique
nonce then such an application could inadvertently encrypt messages with a
reused nonce.
Additionally the ignored bytes in a long nonce are not covered by the
integrity guarantee of this cipher. Any application that relies on the
integrity of these ignored leading bytes of a long nonce may be further
affected. Any OpenSSL internal use of this cipher, including in SSL/TLS, is
safe because no such use sets such a long nonce value. However user
applications that use this cipher directly and set a non-default nonce
length to be longer than 12 bytes may be vulnerable.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since linux-4.19, the kernel's build system internally touches its
.config file.
However, we currently used that file as a timestamp to detect whether
our kconfig fixups were to be (re)applied or not, which in turn is used
to decide whether we should (re)build the package or not.
But with latest kernel versions, this timestamp heuristic is now broken,
and we always rebuild the kernel on subsequent builds.
We fix that by introducing a separate timestamp file of our own, which
we know the kernel (or the kconfig-based packages, for that matters)
does not use.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Also add a standard sha256 hash for the package itself.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Reviewed-by: Thomas Huth <huth@tuxfamily.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
According to the LICENSE file curve25519-donna is licensed under
BSD-3-Clause license.
There is only BSD-2-Clause license mentioned so remove
BSD-2-Clause-like.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Reviewed-by: Thomas Huth <huth@tuxfamily.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop the patch adding license files since they are now in the tarball.
On the other hand, a configure script is no longer distributed with the
tarball. Upstream considers that to be "safer":
https://www.spinics.net/lists/linux-usb/msg179970.html
Don't remove the usb-devices script; it doesn't needs bash anymore.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This external toolchain is pre-built for x86, so it can only work on
x86 and x86-64, and for the latter, the ia32 libraries are necessary.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use the usual enable/disable options for the libmagic optional
dependency.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4 out of 5 packages who are not using autotools but needed their
gnuconfig files updated were not complying with the recommandation in
support/gnuconfig/README.buildroot. The fifth package was converted to
be like the others: use UPDATE_CONFIG_HOOK as a <pkg>_POST_PATCH_HOOKS
rather than calling the CONFIG_UPDATE macro directly.
Now that all packages are consistent, update the README.buildroot file
to match the reality.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
jimtcl, perl, usb_modeswitch and x264 are registering
UPDATE_CONFIG_HOOK as a post patch hook to get their gnuconfig files
updated. lmbench is the only package calling CONFIG_UPDATE directly,
so for consistency, let's make it use the same logic as jimtcl, perl,
usb_modeswitch and x264.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
There are two additional inventory scripts provided in
the Mender client repository, let's install them.
- mender-inventory-os
- will push content of /etc/os-release
- mender-inventory-rootfs-type
- will push filesystem type of rootfs
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The configuration options (RootfsPartA/RootfsPartB) must
provide a valid path to a block devices.
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Commit 1ce2db1090 was the second patch of
a third patch serie, it was applied without the first one so
AUTORECONF=YES was missing and patch number was wrong. Fix these two
errors.
Fixes:
- http://autobuild.buildroot.org/results/a26d3493399c43faa37d2d67d772e0833971a9de
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
