Fixes CVE-2018-9234: Unenforced configuration allows for apparently
valid certifications actually signed by signing subkeys.
Remove --disable-doc from configure options. We pass this options to all
autotools packages.
Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When libpcap itself is linked against other libraries, reaver fails to
build as it doesn't link with libpcap dependencies. This patch fixes
that by using the pcap-config program.
Fixes:
http://autobuild.buildroot.net/results/899fd633288d5cd5aa221413cded857e4f743194/
Signed-off-by: Guillaume W. Bres <guillaume.bressaix@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Version 0.4 supports bootloader updates to eMMC boot partitions.
Signed-off-by: Jim Brennan <jbrennan@impinj.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
By default, the builsystem for uboot defaults to 'legacy', while the
default version is very well capable of using the 'kconfig' buildsystem
instead.
Having the 'legacy' buildsystem be the default in that case makes it
quite inconvenient for users: they would expect to be able to use e.g.
uboot-menuconfig et al. with the default uboot version.
Switch to using 'kconfig' when we use the latest version. Keep the
'legacy' as default for everything else.
Also, invert the 'legacy' and 'kconfig' entries in the choice: it is
nicer to have the recent and future-proof entry first.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Tested-by: Petr Vorel <petr.vorel@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The version of the ARM Trusted Firmware from Marvell was a Git branch,
not a Git commit, leading to unreproducible results. So let's use a
Git commit instead, which is the latest available from the branch that
was previously used.
More specifically, this branch has recently seen a fix that is needed
for ATF to build properly with recent gcc versions:
c96ec59f8b
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The version of the ARM Trusted Firmware from Marvell was a Git branch,
not a Git commit, leading to unreproducible results. So let's use a
Git commit instead, which is the latest available from the branch that
was previously used.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This test case currently fails to build with:
./build/juno/release/bl1/context_mgmt.o: In function `cm_prepare_el3_exit':
context_mgmt.c:(.text.cm_prepare_el3_exit+0x54): undefined reference to `cm_set_next_context'
context_mgmt.c:(.text.cm_prepare_el3_exit+0x54): relocation truncated to fit: R_AARCH64_JUMP26 against undefined symbol `cm_set_next_context'
This issue has been fixed upstream in commit
10c252c14b7f446c0b49ef1aafbd5d37804577dd, available since v1.3. So
while we bump, let's bump to the latest version of ATF, v1.5.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/64360659
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump kernel to version 4.16.3 and U-Boot to 2018.03.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since commit 5563a1c6a4
("support/check-uniq-files: support weird locales and filenames"), the
'csv' Python module is no longer used by the check-uniq-files.
Due to this, flake8 complains with:
support/scripts/check-uniq-files:4:1: F401 'csv' imported but unused
Fix this by dropping the useless csv import.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The release announcement mentions these security fixes:
Defend against Bellcore glitch attacks by verifying the results of RSA
private key operations.
Fix implementation of the truncated HMAC extension. The previous
implementation allowed an offline 2^80 brute force attack on the HMAC
key of a single, uninterrupted connection (with no resumption of the
session).
Reject CRLs containing unsupported critical extensions.
Fix a buffer overread in ssl_parse_server_key_exchange() that could
cause a crash on invalid input. (CVE-2018-9988)
Fix a buffer overread in ssl_parse_server_psk_hint() that could cause
a crash on invalid input. (CVE-2018-9989)
Drop upstream patch.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Don't build the static library when BR2_SHARED_LIBS=y, to reduce build
time.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Sometimes it is useful to pass some parameters to ModemManager when it
starts (e.g. --log-level). Allow the user add a file with such flags in
a MODEMMANAGER_ARGS variable. This is simpler than overriding the whole
startup script (e.g. by means of a rootfs overlay).
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Acked-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since commit e93fec6673 (lz4: bump to version 1.8.1.2) we use two make
targets, 'lib' and 'lz4'. Both targets depend on the static library.
When these targets run in parallel the two make instances that build the
static library race against each other. Split these targets to ensure
build order.
Should fix:
http://autobuild.buildroot.net/results/a8d/a8d956ff420f6a265c5c00b33646dbbc24ce2d48/
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add host-openssl to those configs, which need it for the Linux kernel build.
Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Cc: Marcin Niestroj <m.niestroj@grinn-global.com>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Upstream moved to https://ccid.apdu.fr/ according to
http://pcsclite.alioth.debian.org/ccid.html, updated _SITE and
Config.in.
Added license hash.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Upstream moved to https://muscle.apdu.fr/ according to
http://pcsclite.alioth.debian.org/, updated _SITE and Config.in.
Added license hash.
Added optional systemd support available since upstream commit
30e10951f8 (diff-67e997bcfdac55191033d57a16d1408a)
We need to add systemd support in this patch because omitting it will
cause an error during configure:
checking for LIBSYSTEMD... no
configure: error: install libsystemd-dev or use --disable-libsystemd
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since bluez5_utils 5.49, some code using readline was compiled even if
readline was not available. After this issue was reported upstream, a
patch was proposed by an upstream developer to address the issue. This
commit integrates this patch (under review upstream), which fixes the
problem.
Fixes:
http://autobuild.buildroot.net/results/3e266a79acab8b8eb33360f7afbc1cd6db46f7cb/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
A number of fcntl.h definitions were missing on OpenRISC in uClibc-ng,
causing build failures such as:
gfile.c: In function 'splice_stream_with_progress':
gfile.c:3017:35: error: 'F_SETPIPE_SZ' undeclared (first use in this function)
buffer_size = fcntl (buffer[1], F_SETPIPE_SZ, 1024 * 1024);
This comit backports a patch that was merged in upstream uClibc-ng,
which addresses this problem.
Fixes:
http://autobuild.buildroot.net/results/182ebbba6c7466b07e965e5120d919cbcf5e9da6/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit updates all the pre-built Buildroot toolchains, which have
all been rebuilt with Buildroot as of commit 046c5e2. The initial
motivation for this update is that an upcoming bump of procps-ng uses
fopencookie(), which has only been introduced in musl 1.1.19, which
itself started being used in Buildroot after the 2018.02 release.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Also install bootstrap.min.css.map as it is referenced from
bootstrap.min.css.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use the same version as tcl package.
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
While at it add the license file hash.
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
While at it add the license file hash.
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Older versions of tar (e.g. 1.27.1) incorrectly interpret the escaping
of the regexp separator, and generate broken tarballs.
For example, given the following transform expression:
--transform="s/^\.\//squashfs-e38956b92f738518c29734399629e7cdb33072d3\//"
the resulting paths in the generated tarball would be:
squashfs-e38956b92f738518c29734399629e7cdb33072d3\/
i.e. a directory which last character is indeed a '\'.
We fix that by using a separator which is very unlikely to occur in a
filename.
Fixes:
http://autobuild.buildroot.org/results/742/7427f34e5c9f6d043b0fe6ad2c66cc0f31d2b24f/
and probably a slew of others as well...
Take this opportunity to fix indentation on the following line
(leading spaces, not TABs).
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The current method of supporting static only build, removal of all lines
that match the SHARED regex from lib/Makefile, is crude and fragile.
Instead, patch lib/Makefile to allow disable of shared libraries.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The email address of Philipp Claves bounces.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
