Remove the --without-* options from the yes side of the TLS libraries
selection checks.
Since the --without-* option is now specified when the corresponding TLS
library is not being used, it's no longer necessary when enabling a TLS
library to explicity list all the other TLS libs that curl should not
use.
Signed-off-by: Trent Piepho <tpiepho@impinj.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Indent with tabs.
- Use a function for start.
- Pass "-q" to iucode_tool to inhibit usual output that would otherwise
interfere with the operation status report.
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
[Peter: drop dummy function with sed invocation not compatible with busybox]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Brings several fixes and enhancements. Check the change log at
https://gitlab.com/iucode-tool/iucode-tool/raw/v2.3.1/ChangeLog
Tested on an equipment with Intel C3000 processor.
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The big "intel-microcode.dat" text file is gone. Only binary files are
provided, in the "intel-ucode" directory. Install it at /lib/firmware/,
like linux-firmware does, and update the iucode-tool init script to use
that path.
We don't install the microcode under "intel-ucode-with-caveats", since
it needs special commits in the Linux kernel (see "relnotes" for more
information).
Tested on an equipment with Intel C3000 processor.
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We already turn on kernel features for several packages, so let's do it
for intel-microcode too, otherwise it's impossible to load the microcode
(by means of iucode-tools).
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Instead of defaulting to OpenSSL, allow selection of package to use
through a choice in libcurl's config. The default will be to select the
first enabled TLS provider in the same preference order as is used now,
i.e. no change from current behavior.
Some of the alternative libraries have advantages over OpenSSL in
certain areas.
For example, gnutls has vastly superior PKCS11 support. One can use
client TLS private keys by supplying a PKCS11 URI instead of a private
key file name. The TLS server cert trust store can be a PKCS11 URI,
e.g. configure libcurl with a ca-bundle of "pkcs11:model=p11-kit-trust".
Now server certs can be stored in a software and/or hardware HSM(s).
This doesn't work with OpenSSL.
However, some software only supports OpenSSL for TLS or other crypto
functions. So it might be necessary to enable OpenSSL for that reason.
Signed-off-by: Trent Piepho <tpiepho@impinj.com>
[Peter: add BR2_PACKAGE_LIBCURL_TLS_SUPPORT and use it to hide choice &
comment, explitly pass --without-foo if option is not enabled,
only do .pc fixup if BR2_PACKAGE_LIBCURL_OPENSSL is enabled]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Replace $(BR2_KERNEL_MIRROR) by https://git.kernel.org/pub, which
fixes the download of this package:
>>> trace-cmd trace-cmd-v2.6.1 Downloading
Initialized empty Git repository in /home/thomas/dl/trace-cmd/git/.git/
Fetching all references
fatal: repository 'https://cdn.kernel.org/pub/scm/linux/kernel/git/rostedt/trace-cmd.git/' not found
Detected a corrupted git cache.
Removing it and starting afresh.
Initialized empty Git repository in /home/thomas/dl/trace-cmd/git/.git/
Fetching all references
fatal: repository 'https://cdn.kernel.org/pub/scm/linux/kernel/git/rostedt/trace-cmd.git/' not found
Detected a corrupted git cache.
This is the second time in a row; bailing out
--2018-11-11 21:08:00-- http://sources.buildroot.net/trace-cmd/trace-cmd-trace-cmd-v2.6.1.tar.gz
Resolving sources.buildroot.net (sources.buildroot.net)... 104.25.210.19, 104.25.211.19, 2606:4700:20::6819:d313, ...
Connecting to sources.buildroot.net (sources.buildroot.net)|104.25.210.19|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1859835 (1.8M) [application/x-gtar-compressed]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Update "basic set" help to include the new "choom" utility.
- Re-generate checksums for license files, whose names now follow the
SPDX License List.
- Pull a patch already applied upstream that make rtcwake use poweroff
if shutdown is not found (e.g. Busybox, which the default init system
on Buldroot).
- Pull a patch already submitted upstream to fix the output of escaped
characters by agetty.
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Note, that there is already a patch [1] to bump the version to 0.48.1.
However, the bump to version 0.48.x has some unresolved issues.
In the meantime, until the issue with 0.48 is resolved, bump to latest
version of the 0.47 branch.
[1] http://patchwork.ozlabs.org/patch/986260/
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes [1]:
/tmp/ccBAUqbI.s: Assembler messages:
/tmp/ccBAUqbI.s:622: Error: opcode not supported on this processor: mips64r6 (mips64r6) `movn $2,$4,$7'
/tmp/ccBAUqbI.s:2607: Error: opcode not supported on this processor: mips64r6 (mips64r6) `movn $2,$4,$7'
[1] http://autobuild.buildroot.net/results/dc52088222e9fbedcebffc1c39be6d2fecfffe5d
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Update site to github (for the time being, as 3.3-rc0 is a release
candidate, it is not published on the official ftp)
- Update third patch
- Remove fourth and fifth patches (already in version)
- Remove uneeded hooks, as public headers are now installed in the
standard path since
982b89c01a
- New risc-v support:
3840d49aaa
Fixes:
- http://autobuild.buildroot.org/results/3edf66362ea5a83291f19373e4b6f2e5cce98d7b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Initially we had a port only for ARCv2 cores but then with a simple
change ARCompact cores got supported as well.
So we generalize from BR2_archs to BR2_arcle as we haven't tried to
get glibc working on big-endian ARCs yet.
Also we never bothered to check avaialbility of atomic instructions in
the core but in case of Glibc for ARC this is really a must, so we add
this check here.
Note in case of uClibc we may have system w/o HW atomics but:
1. Only single-core systems are allowed
2. Atomic instructions are emulated via arc_usr_cmpxchg syscall
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes SQUID-2018_4:
Due to incorrect input handling, Squid is vulnerable to a Cross-Site
Scripting vulnerability when generating HTTPS response messages about TLS
errors.
For more details, see the advisory:
http://www.squid-cache.org/Advisories/SQUID-2018_4.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
xtensa-uclinux uses bFLT executable file format that cannot relocate
fields representing offsets from data to code. C++ objects built as PIC
use offsets to encode FDE structures. As a result C++ exception handling
doesn't work correctly on xtensa-uclinux. Don't use PIC by default on
xtensa-uclinux.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The bump to 2.4.48 introduced a bug that, according to the author,
only happen in certain cases on glibc. But under uclibc-ng, it happens
every time.
The bug essentially cause any program calling any libattr.so function
to enter an infinite recursion, because of a symbol conflict between
uclibc-ng and libattr wrappers, that causes the libattr wrappers to
call themselves.
This infinite recursion does not consume the stack, so programs
basically behave like they enter an infinite loop.
It is easy to reproduce with qemu_arm_versatile_defconfig +
BR2_PACKAGE_ATTR: "getfattr ." never returns and takes 100% CPU.
Upstream fixed it, but the patch is not part of a release yet,
so take the patch.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2018-16843: Excessive memory usage in HTTP/2
CVE-2018-16844: Excessive CPU usage in HTTP/2
CVE-2018-16845: Memory disclosure in the ngx_http_mp4_module
Refreshed patch 0004 + 0007 as they no longer applied cleanly.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
>From the announcement:
When using a TLS enabled websockets listener with require_certificate
enabled, the mosquitto broker does not correctly verify client certificates.
This is now fixed. All other security measures operate as expected, and in
particular non-websockets listeners are not affected by this.
https://mosquitto.org/blog/2018/11/version-154-released/
Drop patch 0001, now applied upstream:
https://github.com/eclipse/mosquitto/pull/933
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit fixes the following flake8 warnings:
support/testing/tests/fs/test_f2fs.py:6:1: E302 expected 2 blank lines, found 1
support/testing/tests/fs/test_f2fs.py:12:1: E302 expected 2 blank lines, found 1
support/testing/tests/fs/test_f2fs.py:38:23: E225 missing whitespace around operator
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libmagic (from file package) already provides the buffer_init function
so to avoid a build failure for applications wanting to statically link
with twolame and libmagic (for example sox), rename buffer_init into
bitbuffer_init (also rename buffer_deinit into bitbuffer_deinit and
buffer_sstell into bitbuffer_sstell for consistency)
Fixes:
- http://autobuild.buildroot.org/results/b3fc62e7f372fe595966e84091c11ccdb4cfa77c
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Changelog: http://www.php.net/ChangeLog-7.php#7.2.12
Rebased patch 0004 and updated license hash after white space removal:
902d39a3a7
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Setting overprovision to 0 and omitting this option has exactly
the same effect.
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
For BR2_TARGET_ROOTFS_F2FS_COLD_FILES clarify that extension list must
be a coma separated.
For BR2_TARGET_ROOTFS_F2FS_OVERPROVISION clarify that the default
overprovision ratio is autocalculated according to the partition size.
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Adjust patch to fit the new version.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add license hash for COPYING file.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bumps Golang host-go compiler to 1.11.2 release.
Add hash for LICENSE.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
I am now maintaining / submitting regular patches for the Go toolchain as well.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Static build of applications using qt-zlib and zlib (such as mpv) will
fail because zlib and qt-zlib defines the same functions (inflateReset,
inflatePrime ...)
So add a dependency on !BR2_STATIC_LIBS on BR2_PACKAGE_QT_QTZLIB
Fixes:
- http://autobuild.buildroot.org/results/0be6e359d46a8a701006305c32b514687854b035
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>