Fixes:
CVE-2015-3193 - BN_mod_exp may produce incorrect results on x86_64
CVE-2015-3194 - Certificate verify crash with missing PSS parameter
CVE-2015-3195 - X509_ATTRIBUTE memory leak
Enable IDEA as well since otherwise the build breaks (always great
upstream) - it's no longer patent encumbered.
[Peter: correct sha256]
Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Make ACS (Automatic Channel Selection) support in hostapd optional.
There's a clash of standard vs. propietary solutions, hence when hostapd
has builtin ACS support (standard) and it's enabled (channel=0 in the
config) this will preclude the propietary driver from using ACS (it
won't work at all).
See:
http://e2e.ti.com/support/wireless_connectivity/f/307/p/465333/1669270
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
0002-unzip.patch was added in 69516e0 to fix a segmentation fault in the
gunzip applet. However, it introduced a new issue that made the unzipping
of some files fail.
Add an upstream patch that fixes this new issue.
Fixes#8501.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Jason Rush <rush0033@hotmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
gawk has an optional dependency on mpfr (and thus gmp) and readline,
and will probe for them. If they are present, they are used; if they
are missing, that's not an error. mpfr (and gmp) is used for "BIGNUM"
support on gawk; readline is used by the gawk debugger.
However, mpfr (bringing gmp) are also host-packages in Buildroot, but in
the standard build order (i.e. a plain 'make'), they are built after
gawk. Ditto readline (from ncurses).
If the user has the development files for gmp and mpfr, then gawk is
linked to them. Ditto readline.
Now, further on in the build, we build gmp and mpfr (for gcci or guile),
so we install them in the host dir. Ditto readline (for gdb, ncurses
itself and a few other packages...)
But because we forcibly set an RPATH tag on all our host binaries, our
host gawk will now dynamically link with our versions, when it was in
fact built against the host ones.
This did not seem to cause any harm so far, but is far from ideal.
Since we do not really need BIGNUM or the debugger in our host gawk, we
just forcibly disable them and configure gawk without readline or mpfr
(there's no switch for gmp, but it's not a direct dependency, it comes
just with mpfr).
[Adjust comment as suggested by Thomas/Yann]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <jacmet@uclibc.org>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Despite the comment saying so, the trailing '/' in the host directory is
not removed. Note however that it is properly removed from extracted
RPATH tags.
This is not visible when the host directory is our default $(O)/host
location, but breaks for user-supplied external host directory, when
the user leaves a trailing slash in the path.
Fix that.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <jacmet@uclibc.org>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The 3.4 series has been promoted to stable.
Handle autodeps more concisely (idn, p11-kit, zlib).
libtasn1 is now mandatory, since otherwise gnutls uses the bundled
version it makes no sense to try that because of target duplication.
Disable tpm support since we've got no trousers package.
Disable libdane support since we've got no dane package.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The http-parser repository has been transfered from joyent to nodejs.
Bump version to 2.6.0.
Signed-off-by: Renaud AUBIN <root@renaud.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
- Bump version to 2.4.43
- Use md5 and sha1 upstream provided hashes. This combination is
stronger than a sha256 hash.
- Switch to an http download site to avoid problems with firewalls
blocking the ftp.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Patches are upstream so remove them.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Name Service Switch (NSS) module that allows your LDAP server to provide
user account, group, host name, alias, netgroup, and basically any other
information that you would normally get from /etc flat files or NIS. It
also provides a Pluggable Authentication Module (PAM) to do
authentication to an LDAP server.
[Thomas:
- bump to version 0.9.6
- use --disable-<foo> rather than --enable-<foo>=no.
- fix license information: there is no LICENSE file, it is named
COPYING.]
Signed-off-by: Doug Kehn <rdkehn@yahoo.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas:
- add hash file
- fix license information: use comma as a separator in
<pkg>_LICENSE, and htable is under LGPLv2.1+ and not GPLv2.1+
(which doesn't exist)]
Signed-off-by: Ryan Barnett <ryanbarnett3@gmail.com>
CC: Baruch Siach <baruch@tkos.co.il>
CC: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Building conntrack-tools with kernel headers >= 4.2 + musl fails due to
a well-known symbol clash that occurs when userspace and kernel headers
are included simultaneously (see [1], question 7, for details).
In the case of conntrack-tools, the inclusion of both 'netinet/in.h' and
'linux/in.h' occurs inside the C helper files (src/helpers/*.c)
indirectly via e.g. 'libnetfilter_conntrack/libnetfilter_conntrack.h',
which itself includes 'netinet/in.h', and 'linux/netfilter.h', which
includes 'linux/in.h' in kernel headers >= 4.2.
The approach to solving this type of conflict with musl usually involves
removing the inclusion of kernel headers or refactoring the code so as
to avoid the mentioned simultaneous inclusion. This is unfortunately
non-trivial in the case of conntrack-tools since the clashing headers
get included indirectly by headers that are strictly necessary (because
of definitions used in some helper callbacks).
Work around the issue by defining __GLIBC__ when musl is used. This
eliminates the conflicts as the kernel headers avoid redefining certain
symbols when they see __GLIBC__ defined (linux/libc-compat.h). Note that
other glibc-compatible libraries, like uClibc, already do that
internally.
Fixes:
http://autobuild.buildroot.net/results/66e/66ec247fa0fc385bef8d2084c65bf5cad3a8e8ca/http://autobuild.buildroot.net/results/624/624a0d48decd819eb58cbb3c58ee904b87ebfb21/
[1] http://wiki.musl-libc.org/wiki/FAQ
Signed-off-by: Rodrigo Rebello <rprebello@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes#8491
glib/valgrind.h contains inline asm not compatible with thumb1, so build it
in arm mode:
CC libglib_2_0_la-gstringchunk.lo
/tmp/ccSVEXME.s: Assembler messages:
/tmp/ccSVEXME.s:587: Error: shifts in CMP/MOV instructions are only supported
in unified syntax -- `mov r12,r12,ror#3'
/tmp/ccSVEXME.s:587: Error: shifts in CMP/MOV instructions are only supported
in unified syntax -- `mov r12,r12,ror#13'
/tmp/ccSVEXME.s:588: Error: shifts in CMP/MOV instructions are only supported
in unified syntax -- `mov r12,r12,ror#29'
/tmp/ccSVEXME.s:588: Error: shifts in CMP/MOV instructions are only supported
in unified syntax -- `mov r12,r12,ror#19'
/tmp/ccSVEXME.s:589: Error: lo register required -- `orr r10,r10,r10'
Makefile:2087: recipe for target 'libglib_2_0_la-gslice.lo' failed
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Dumping our 176164 variables can take quite some time (~12s here). What
takes the most time is sorting the variables (~9s), followed by the
parsing of our Makefiles (~3s), with the actual printing in the noise.
However, sometimes only one or a few variables are needed. For example,
one may want to retrieve the Linux build dir from a post-build hook (to
get the Linux' actual .config after our fixups and check for various
features).
Add the possibility to only dump the variables listed in $(VAR) which
must be passed as a make argument, like so:
$ make -s printvars VARS="LINUX_DIR TOPDIR O"
LINUX_DIR=/home/ymorin/dev/buildroot/O/build/linux-4.3 ($(BUILD_DIR)/$(LINUX_BASE_NAME))
O=/home/ymorin/dev/buildroot/O/. (/home/ymorin/dev/buildroot/O/.)
TOPDIR=/home/ymorin/dev/buildroot/buildroot (/home/ymorin/dev/buildroot/buildroot)
It is also possible to use make-appterns, like:
$ make -s printvars VARS="BUSYBOX_%"
This is much faster (the time is just about the time it takes to parse
our Makefiles, 3s here) and easier to parse.
[Thomas: improve comment above the printvars target.]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
When specifying BR2_LINUX_KERNEL_CUSTOM_REPO_VERSION, a user may want to
specify the SHA of a reference different than a branch or tag.
For instance, Gerrit stores the patchsets under refs/changes/xx/xxx, and
Github stores the pull requests under refs/pull/xxx/head.
When cloning a repository with --bare, you don't fetch these references.
This patch uses --mirror for a full clone, in order to give the user
access to all references of the Git repository.
Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Reviewed-by: "Maxime Hadjinlian" <maxime.hadjinlian@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This package contains some simple command line tools to help using Linux
spidev devices.
https://github.com/cpb-/spi-tools
The included version is based in a sha1 and not a tagged version as the
current master branch contains autotools support for build but there is
no tagged version with autotools support yet.
The only other quirk with the recipe is related to the VERSION define
which is normally obtained in build time via git for this package, but
that would fail within Buildroot as the package build is normally not
performed inside a git repository.
To work around that, I have added a hook which will substitute change
the VERSION to match that of the Buildroot package.
I have tested this package in an ARM target with a custom SPI device.
Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
In 785fef10 xattr support was disabled, probably because the old version
did require the xattr package to be present to support it.
In a409d76e xattr support was made optional via (lib)attr, however the
squashfs package does in fact include all of the required bits to
support xattr without the need for the attr package.
So enable xattr support by default for both the host and target
variants.
Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
