Fix the following build failure on one mips toolchain with gcc 5.3
raised since bump to version 2.18.2 in commit
47fa16dffa:
src/lib/hash/sha3/sha3.cpp: In function 'std::tuple<long long unsigned int, long long unsigned int, long long unsigned int, long long unsigned int, long long unsigned int> Botan::{anonymous}::xor_CNs(const uint64_t*)':
src/lib/hash/sha3/sha3.cpp:41:42: error: converting to 'std::tuple<long long unsigned int, long long unsigned int, long long unsigned int, long long unsigned int, long long unsigned int>' from initializer list would use explicit constructor 'constexpr std::tuple< <template-parameter-1-1> >::tuple(_UElements&& ...) [with _UElements = {long long unsigned int, long long unsigned int, long long unsigned int, long long unsigned int, long long unsigned int}; <template-parameter-2-2> = void; _Elements = {long long unsigned int, long long unsigned int, long long unsigned int, long long unsigned int, long long unsigned int}]'
A[4] ^ A[9] ^ A[14] ^ A[19] ^ A[24]};
^
Upstream suggested to revert a commit while they work on a better fix.
The commit to revert was a fix for XCode on Clang 12, neither of which
apply to us in Buildroot, so we can indeed just carry that revert.
Fixes:
- http://autobuild.buildroot.org/results/4e86c3008aa70284a3002f426066fcc21d018e95
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: explain why we revert]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issue:
- CVE-2021-40529: The ElGamal implementation in Botan through 2.18.1, as
used in Thunderbird and other products, allows plaintext recovery because,
during interaction between two cryptographic libraries, a certain
dangerous combination of the prime defined by the receiver's public key,
the generator defined by the receiver's public key, and the sender's
ephemeral exponents can lead to a cross-configuration attack against
OpenPGP
For more details, see the upstream bug and issue writeup:
- https://github.com/randombit/botan/pull/2790
- https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* drop 0001-fenv.patch, issue [0] was marked fixed since boost 1.64 (commit [1])
* drop upstreamed patch 0002
* filesystem now depends on boost-atomic
* math broke the build without always lockfree atomic ints, disable for now. reported at [2].
[0] https://svn.boost.org/trac/boost/ticket/11756
[1] cb2a1c2488
[2] https://github.com/boostorg/math/issues/673
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
[Arnout: improve propagation of reverse dependencies:
- also update comment of cc-tool;
- add boost-filesystem to reason of gnuradio, libcpprestsdk, uhd;
- move dependency to arch-deps of mongodb]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Backport an upstream patch to add support for riscv32. Although this is
a new feature (new arch support), this is an upstream commit, so we can
expect it to be available in a future release.
Fixes:
- http://autobuild.buildroot.org/results/1c399312dbec5d7a28ec90d62fdd8f47fa14ff4b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- technically, this is not a bug fix, but new arch support
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
FOO_CPE_ID_VALID really ought to be an internal implementaion detail.
Packages that really want to trigger their CPE defintitions really
should set one of the actual variables to a meaningful value.
There are two CPE-related variables that we could chose to set to
replace FOO_CPE_ID_VALID: FOO_CPE_ID_VENDOR and FOO_CPE_ID_PRODUCT.
Between those two, _VENDOR more often diverges from the default than
_PRODUCT does, so that's what we use.
---8<------8<------8<------8<------8<---
#!/bin/bash
# Replace FOO_CPE_ID_VALID = YES with FOO_CPE_ID_VENDOR = foo_project
for i in $(git grep -l -E '[^)]_CPE_ID_VALID = YES' package support); do
pkg="$(basename "${i%/*}")"
sed -r -i -e "s/_CPE_ID_VALID = YES/_CPE_ID_VENDOR = ${pkg}_project/" "${i}"
done
---8<------8<------8<------8<------8<---
Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: update cpe-test comment to reflect pkg3 change]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix a memory leak in GCM where if passed an unsuitable block cipher (eg
not 128 bit) it would throw an exception and leak the cipher object.
https://github.com/randombit/botan/blob/2.16.0/news.rst
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- aarch64, powerpc64le and s390x are supported since version 2.5.0 and
5f55f0eac9
- sparc64 is supported since version 2.5.0 and
7e6aea7a9b
- riscv is supported since version 2.8.0 and
b9aafd6700
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Calculate hash of tarball locally, hash of 2.13.0 is not in
https://botan.randombit.net/releases/sha256sums.txt
- Update hash of license file (update in year:
3567c921c1)
- Update indentation of hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Remove patches (already in version)
- Upstream does not provide tgz tarball anymore, switch to xz.
- Update hash for license file due to copyright year change.
- See full changelog https://botan.randombit.net/news.html
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
On some architectures, atomic built-ins are provided by the libatomic
library from gcc. Linking with libatomic is therefore necessary,
otherwise the build fails with:
sparc-buildroot-linux-uclibc/sysroot/lib/libatomic.so.1: error adding symbols: DSO missing from command line
This is often for example the case on sparcv8 32 bit.
Fixes:
- http://autobuild.buildroot.org/results/a442734c570e4a02854014d831ba3aab9f592430
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Using $(STAGING_DIR)/usr and $(TARGET_DIR)/usr as the DESTDIR value
causes Botan to be installed in $(STAGING_DIR)/usr/usr and
$(TARGET_DIR)/usr/usr, which obviously isn't correct. Let's fix that
by passing the appropriate DESTDIR values.
Signed-off-by: DUPONCHEEL Sébastien <sebastien.duponcheel@corp.ovh.com>
[Thomas: extend commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix following error if sphinx is found but its version is too low:
Sphinx version error:
This project needs at least Sphinx v1.2 and therefore cannot be built with this version.
Ignoring ImportError and using old theme
ERROR: Error running sphinx-build -q -c ./src/configs/sphinx -b html ./doc/manual build/docs/manual
Fixes:
- http://autobuild.buildroot.net/results/c15715a05a41035954f32510483314060ea31260
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Depends on gcc >= 4.8:
https://github.com/randombit/botan/blob/master/readme.rst
Rebased patch 0001, added license hash and updated license path.
Updated configure options for shared/static libraries after commit
299119f02c
Added configure for ssp support after commit
ebeae68aba
This fixes a build error with toolchains without ssp support.
Removed dependency to gmp:
https://github.com/randombit/botan/issues/719
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Botan compiles all PowerPC code with AltiVec support and only determines
at runtime whether the CPU even supports it. If the target CPU uses the
older SPE extensions, though, this is too late; since SPE and AltiVec
are incompatible, gcc aborts the compilation. This patch explicitly
disables AltiVec support unless BR2_POWERPC_CPU_HAS_ALTIVEC is defined
Signed-off-by: Tobias Blass <tobias.blass@rohde-schwarz.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for BSD-2c is BSD-2-Clause.
This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/BSD-2c/BSD-2-Clause/g'
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
botan uses a non-autotools build system. We currently don't pass any
--prefix=/usr, and by default the prefix is set to /usr/local. This
doesn't cause a lot of visible issues because at install time, we pass
DESTDIR=$(TARGET_DIR)/usr (the build system doesn't make the
difference between DESTDIR and prefix).
However, the generated pkg-config .pc file is wrong, as it contains
prefix=/usr/local instead of prefix=/usr, which doesn't match where
the botan library and headers are installed. By passing --prefix=/usr,
we make sure that the .pc file is in line with where botan is
installed.
Fixes bug #7760
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit doesn't touch infra packages.
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>