Enabling TLS compression may make mbedTLS vulnerable to the
CRIME attack [1]. It should not be enabled unless is is sure CRIME and
similar attacks are not applicable to the particulare situation.
As zlib is probably enabled in most systems, the user might end up with
a vulnerable system without knowing. So, instead of enabling compression
support if the zlib package is available, we make the compression support
a config option. This way, the user has to explicitly enable compression
support and is warned by the help text about the risk.
[1] https://tls.mbed.org/kb/how-to/deflate-compression-in-ssl-tls
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This file was missing from commit
84d997d689 ("system(d): allow auto net
configuration with networkd")
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This new version introduces a lot of bug fixes and some new API
functions.
Additionally, the IIO Daemon is now able to share the local IIO devices
through USB (using FunctionFS).
[Peter: usbd option needs 3.18+ headers, reorder options for menuconfig]
Signed-off-by: Paul Cercueil <paul.cercueil@analog.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Automatically build sudo with ldap support when openldap is enabled.
When sudo is built with ldap, /etc/sudoers is only read in for defaults,
all rules need to be provided via ldap which is configured by the user
in /etc/ldap.conf.
Signed-off-by: Chris Frederick <cdf123@cdf123.net>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This change adds inode tracking to the size-stats script so that hard
links don't cause files to be double counted. This has a significant
effect on the size computation for some packages. For example, git has
around a dozen hard links to a large file. Before this change, git would
weigh in at about 170 MB with the total filesystem size reported as
175 MB. The actual rootfs.ext2 size was around 16 MB. With the change,
the git package registers at 10.5 MB with a total filesystem size of
15.8 MB.
Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
Acked-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Also making it clearer as for what each plugin dependencies are.
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
[Thomas: invert conditions to avoid empty ifeq ... else statements.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
BR2_PACKAGE_OPENNTPD has a "depends on !BR2_PACKAGE_NTP" because the
openntpd package conflicts with the ntp package.
So the Config.in comment of openntpd should also not be visible when ntp
is selected. Otherwise the comment will show up when the user has a
non-NPTL toolchain, and once he enables NPTL support, the comment
disappears, but the package option doesn't appear.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Replacing ftpmirror.gnu.org with BR2_GNU_MIRROR variable
Signed-off-by: Brian 'redbeard' Harrington <redbeard@coreos.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Replacing ftpmirror.gnu.org with BR2_GNU_MIRROR variable
Signed-off-by: Brian 'redbeard' Harrington <redbeard@coreos.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Replacing ftpmirror.gnu.org with BR2_GNU_MIRROR variable
Signed-off-by: Brian 'redbeard' Harrington <redbeard@coreos.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Allow automatic network configuration via systemd-networkd if selected.
If systemd-networkd is enabled and $BR2_SYSTEM_DHCP is set, then create
a .network file to configure the selected network interface via DHCP.
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
[Thomas:
- merge the two patches from Eric into just one
- instead of generating the dhcp.network file completely from the .mk
file, use a template file, and "sed" it with the right network
interface]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Although highly recommended to be enabled, EFL's eeze can be disabled
and thus no dependency on libudev or dynamic device management.
Since 'BR2_PACKAGE_HAS_UDEV' has two ways to be satisfied (eudev or
systemd) we can't automatically select it, instead show a comment and
use 'depends on'.
Signed-off-by: Gustavo Sverzut Barbieri <barbieri@profusion.mobi>
[Romain:
- Propagate the eeze dependency to enlightenment and efl Wayland
- Remove udev provider from eeze comment in efl's Config.in
- Add comments when eeze is not available]
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
To reduce the qt5base binary size, we can disable unnecessary features.
Instead of trying to map every qt5base option to buildroot, create a
single config that we can pass any option too. Then append those to the
ones generated by buildroot.
Signed-off-by: Brandon Maier <brandon.maier@rockwellcollins.com>
Signed-off-by: Bryce Ferguson <bryce.ferguson@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Originally, the opkg sources also contained the tools needed to _create_ an
opkg package. In later releases, this code has been split to a separate
package opkg-utils.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
this kernel rev has numerous bug fixes, framework upgrades and new
features added.
Signed-off-by: Dagg Stompler <daggs@gmx.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
this version bump allows usage of hardkernel's secure signatures when
booting a system
Signed-off-by: Dagg Stompler <daggs@gmx.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
To enable compression support using zlib it is necessary to uncomment
the define for MBEDTLS_ZLIB_SUPPORT in config.h [1].
Note, that enabling TLS compression may make mbedTLS vulnerable to the
CRIME attack [1]. It should not be enabled unless is is sure CRIME and
similar attacks are not applicable to the particulare situation.
As zlib is probably enabled in most systems, maybe it is best to make
the compression support a user choice and add the warning from [1]?
[1] https://tls.mbed.org/kb/how-to/deflate-compression-in-ssl-tls
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The use of a 'rule' variable that can contain 'show-depends' or
'show-rdepends' is not logical if get_depends is considered as a reusable
function from various scripts. The name of these rules are too much an
implementation detail.
Therefore, split the existing get_depends into two separate functions
get_depends and get_rdepends, while keeping code duplication to a minimum.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Functions to obtain the version and dependencies of a package from Python
can be useful for several scripts. Extract this logic out of graph-depends
into pkgutil.py.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
[Thomas: remove shebang from pkgutil.py, noticed by Yann E. Morin.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Gunicorn ‘Green Unicorn’ is a Python WSGI HTTP Server for UNIX. It’s a
pre-fork worker model ported from Ruby’s Unicorn project. The Gunicorn
server is broadly compatible with various web frameworks, simply
implemented, light on server resource usage, and fairly speedy.
Signed-off-by: Lionel Flandrin <lionel@svkt.org>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Gmane mailing list infrastructure is broken from some time,
switching to nabble both for rss and search services.
Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Google deprecated feed api to cenvert rss to json, switching
to yahoo yql. This patch also reorganize the javascript code
to accomodate the fixings.
Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This patch bumps jquery and bootstrap to the latest versions.
Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
- remove 0001-Include-stdint.h-where-needed.patch as it was merged into
the tree.
Signed-off-by: Dagg Stompler <daggs@gmx.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Function get_depends was recently changed to support both normal
dependencies as reverse dependencies, via a global variable 'rule' that
equals 'show-depends' or 'show-rdepends'.
As a subsequent function will extract this function get_depends to a
separate file, the use of globals is problematic.
Instead, pass the global as an argument.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Sync external prebuilt toolchain with the one we now build in Buildroot,
i.e. arc-2016.09. Since that prebuilt toolchain finally has IPv6 enabled
it works pretty fine for building packages in Buildroot.
Still note:
1) There might be subtle differences between uClibc configuration
compared to Buildroot's one.
2) A couple of patches we apply on top of Builroot-built toolchain
are obviously missing in the prebuilt version - they will be
available in the next release.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Vlad Zakharov <vzakhar@synopsys.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Technically this is 10.1.0, however the initial release left out a config
directory causing autoconfig to fail. See this post:
https://github.com/vmware/open-vm-tools/issues/115#issuecomment-269963907
As such, I specified the hash to fix the release:
5a9033ddfa
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
