Time to get some fixes out; nothing special, just many small fixes – and some
new features.
Changes from 1.4.32:
http://www.lighttpd.net/2013/9/27/1-4-33/
Signed-off-by: Bruno Thomsen b...@kamstrup.dk
---
rules/lighttpd.make |4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff
Updating openssl to 1.0.1e improves TLS 1.x support in lighttpd.
Signed-off-by: Bruno Thomsen b...@kamstrup.dk
---
rules/openssl.make |4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/openssl.make b/rules/openssl.make
index 35e9aa5..eaeb95a 100644
--- a/rules
/test patch series and resubmit a patch.
Venlig hilsen / Best regards
Kamstrup A/S http://www.kamstrup.dk
Bruno Thomsen
Development engineer
Technology
Kamstrup A/S
Industrivej 28
DK-8660 Skanderborg
Tel: +45 89 93 10 00
Fax: +45 89 93 10 01
Dir: +45 89 93 13 94
Signed-off-by: Bruno Thomsen b...@kamstrup.dk
---
rules/php5.make |3 +++
1 file changed, 3 insertions(+)
diff --git a/rules/php5.make b/rules/php5.make
index b24cd33..f66a664 100644
--- a/rules/php5.make
+++ b/rules/php5.make
@@ -250,6 +250,9 @@ endif
ifdef PTXCONF_PHP5_EXT_SQLITE3
Hi
Updated PHP due to many security flaws in 5.3.10.
Tested on Freescale i.MX28 with ptxdist 2012.04.0.
I'm unsure if newer versions of ptxdist still require the first patch, if not
just discard it.
Bruno Thomsen (2):
Fix compiling of PHP with sqlite3 support on ptxdist 2012.04.0.
php
Fixes a lot of security flaws and bugs.
Changelog:
http://www.php.net/ChangeLog-5.php#5.4.24
Old HACK patch removed since it cannot be applied on configure script.
Signed-off-by: Bruno Thomsen b...@kamstrup.dk
---
...make-it-possible-to-force-cross-compiling.patch | 35
On Tue, Jan 21, 2014 at 04:34:05PM +0100, Bruno Thomsen wrote:
Fixes a lot of security flaws and bugs.
Changelog:
http://www.php.net/ChangeLog-5.php#5.4.24
Old HACK patch removed since it cannot be applied on configure script.
cannot be applied is a bad reason. The correct one
php: version bump 5.3.10 - 5.4.24
Fix compiling of PHP with sqlite3 support on ptxdist 2012.04.0.
Fixes a lot of security flaws and bugs.
Changelog:
http://www.php.net/ChangeLog-5.php#5.4.24
PHP: Removal of curl-wrappers.
This feature has been marked as experimental for years and never turned
Enabled SHA authentication and AES privacy (encryption) using OpenSSL.
Upgraded from libnl1 to libnl3 dependency.
Disable minimal agent when privacy is enabled.
Tested SNMPv3 with USM (User-based Security Model) SHA auth + AES priv, minimal
agent option disabled.
Signed-off-by: Bruno Thomsen b
Version 4.2.6p5 is the latest stable release.
Fixed install ntpq option.
Signed-off-by: Bruno Thomsen b...@kamstrup.dk
---
patches/ntp-4.2.6/Fix-undefined-MOD_NANO.patch | 42 --
patches/ntp-4.2.6/series |1 -
patches/ntp-4.2.6p5/Fix-undefined
://www.kamstrup.dk
Bruno Thomsen
Development engineer
Technology
Kamstrup A/S
Industrivej 28
DK-8660 Skanderborg
Tel: +45 89 93 10 00
Fax: +45 89 93 10 01
Dir: +45 89 93 13 94
E-mail: b...@kamstrup.dk
Web: www.kamstrup.dk
--
ptxdist mailing
.
Signed-off-by: Bruno Thomsen b...@kamstrup.dk
---
rules/net-snmp.in | 13 -
rules/net-snmp.make |5 +++--
2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/rules/net-snmp.in b/rules/net-snmp.in
index 9821328..052e59e 100644
--- a/rules/net-snmp.in
+++ b/rules/net
13, 2014 at 03:20:26PM +0100, Bruno Thomsen wrote:
Enabled SHA authentication and AES privacy (encryption) using OpenSSL.
Upgraded from libnl1 to libnl3 dependency, and explicitly request libnl3.
Disable minimal agent when privacy is enabled.
Tested SNMPv3 with USM (User-based Security Model
Signed-off-by: Bruno Thomsen b...@kamstrup.dk
---
rules/net-snmp.make | 98 ---
1 file changed, 14 insertions(+), 84 deletions(-)
diff --git a/rules/net-snmp.make b/rules/net-snmp.make
index 6ddb954..a2efc59 100644
--- a/rules/net-snmp.make
+++ b
, Bruno Thomsen wrote:
Signed-off-by: Bruno Thomsen b...@kamstrup.dk
---
rules/net-snmp.make | 98
---
1 file changed, 14 insertions(+), 84 deletions(-)
diff --git a/rules/net-snmp.make b/rules/net-snmp.make index
6ddb954..a2efc59
Multiple bugs were fixed including CVE-2013-7345, CVE-2014-1943, CVE-2014-2270.
Signed-off-by: Bruno Thomsen b...@kamstrup.dk
---
rules/php5.make |4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/php5.make b/rules/php5.make
index ad3e216..90c6996 100644
--- a/rules
to mainline fix.
Signed-off-by: Bruno Thomsen b...@kamstrup.dk
---
.../0001-Fix-build-on-Darwin.patch | 43
patches/dropbear-2013.60/series|4 --
rules/dropbear.make|4 +-
3 files changed, 2
Support for ecdsa, ecdh and curve25519-donna options.
Signed-off-by: Bruno Thomsen b...@kamstrup.dk
---
rules/dropbear.in | 27 +++
rules/dropbear.make | 24
2 files changed, 51 insertions(+)
diff --git a/rules/dropbear.in b/rules
Multiple bugs were fixed including security issues CVE-2014-0238, CVE-2014-0237
and CVE-2014-0185.
Signed-off-by: Bruno Thomsen b...@kamstrup.dk
---
rules/php5.make |4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/php5.make b/rules/php5.make
index 90c6996
Multiple bugs were fixed including security issues CVE-2014-3981,
CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487,
CVE-2014-4049, CVE-2014-3515.
Signed-off-by: Bruno Thomsen b...@kamstrup.dk
---
v1..v2:
Wrong package hash; Mixup between php 5.4 and 5.5 test.
rules
for ptxdist mainline inclusion.
Signed-off-by: Martin Fisker m...@kamstrup.dk
Signed-off-by: Bruno Thomsen b...@kamstrup.dk
---
...oot-emmc-support-in-fw_printenv-fw_setenv.patch | 182 +
patches/u-boot-2011.12/series | 3 +-
2 files changed, 184 insertions
Signed-off-by: Bruno Thomsen b...@kamstrup.dk
---
rules/dropbear.make | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/dropbear.make b/rules/dropbear.make
index 5cbd4aa..f03d0fc 100644
--- a/rules/dropbear.make
+++ b/rules/dropbear.make
@@ -18,8 +18,8 @@ PACKAGES
:29:12PM +0200, Markus Niebel wrote:
Hello Bruno,
Am 04.08.2014 10:29, wrote Bruno Thomsen:
Provide read/write access to U-Boot environment stored in eMMC flash from
Linux.
Access to U-Boot environment can be very useful; dual kernel/rootfs
images, production default values
: Cups support required but cups-config not located. Make
sure cups-devel related files are installed.
Looks like you are missing Development files CUPS library on host machine.
$ sudo apt-get install libcups2-dev
Venlig hilsen / Best regards
Bruno Thomsen
Development engineer
Technology
Fixes CVE-2014-6271: remote code execution through bash.
Applied missing patches between version 3.2 patch level 48 and 52.
Signed-off-by: Bruno Thomsen b...@kamstrup.dk
---
patches/bash-3.2.48/0001-bash-3.2-patch49.patch | 67 ++
patches/bash-3.2.48/0002-bash-3.2-patch50.patch
Multiple bugs were fixed including security vulnerabilities
CVE-2014-3597, CVE-2014-3538, CVE-2014-3587, CVE-2014-2497,
CVE-2014-5120, CVE-2014-4698 and CVE-2014-4670.
Signed-off-by: Bruno Thomsen b...@kamstrup.dk
---
rules/php5.make | 4 ++--
1 file changed, 2 insertions(+), 2 deletions
Fix CVE-2014-7169.
Applied patches 53 and 54 from version 3.2.
Signed-off-by: Bruno Thomsen b...@kamstrup.dk
---
patches/bash-3.2.48/0005-bash-3.2-patch53.patch | 51 +++
patches/bash-3.2.48/0006-bash-3.2-patch54.patch | 185
patches/bash-3.2.48/series
://www.kamstrup.dk
Bruno Thomsen
Development engineer
Technology
Kamstrup A/S
Industrivej 28
DK-8660 Skanderborg
Tel: +45 89 93 10 00
Fax: +45 89 93 10 01
Dir: +45 89 93 13 94
E-mail: b...@kamstrup.dk
Web: www.kamstrup.dk
--
ptxdist mailing
See upstream changelog for details.
Signed-off-by: Bruno Thomsen b...@kamstrup.dk
---
rules/libcurl.make | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/libcurl.make b/rules/libcurl.make
index f8c77e4..5babcb0 100644
--- a/rules/libcurl.make
+++ b/rules/libcurl.make
Curl plugin was not installed due to typo in ifdef.
Runtime error message:
plugin 'curl' failed to load: /usr/lib/plugins/libstrongswan-curl.so: cannot
open shared object file: No such file or directory
Signed-off-by: Bruno Thomsen b...@kamstrup.dk
---
rules/strongswan.make | 2 +-
1 file
This is useful when handling certificates in a web interface.
Ex. Validate parameters on a PEM certificate.
Signed-off-by: Bruno Thomsen b...@kamstrup.dk
---
rules/php5.in | 7 +++
rules/php5.make | 6 ++
2 files changed, 13 insertions(+)
diff --git a/rules/php5.in b/rules/php5
Multiple bugs were fixed including security vulnerabilities
CVE-2014-3710, CVE-2014-3669, CVE-2014-3670, CVE-2014-3668.
Signed-off-by: Bruno Thomsen b...@kamstrup.dk
---
rules/php5.make | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/php5.make b/rules/php5.make
https://www.google.com
Result:
curl: (77) error setting certificate verify locations:
CAfile: /usr/share/ca-certificates/curl/ca-bundle.crt
CApath: none
Signed-off-by: Bruno Thomsen b...@kamstrup.dk
---
rules/libcurl.in | 57 ++
rules
OpenSSL adds Elliptic Curve support in IKE Diffie-Hellman key exchange.
Signed-off-by: Bruno Thomsen b...@kamstrup.dk
---
rules/strongswan.in | 8
rules/strongswan.make | 5 -
2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/rules/strongswan.in b/rules/strongswan.in
From: Bruno Thomsen b...@kamstrup.com
Added a new host dummy package that download a specific firefox bundle
of root CA certificates. This functionality is used by libcurl package.
Signed-off-by: Bruno Thomsen b...@kamstrup.com
---
rules/host-certdata.in | 5 +
rules/host-certdata.make
From: Bruno Thomsen b...@kamstrup.com
Install a bundle of X.509 certificates of public Certificate Authorities (CA)
in PEM format.
The bundle is extracted from Mozilla's release tree by a host package called
certdata.
Test case 1:
openssl s_client -connect www.google.com:443 -CAfile
/usr
Hi Michael
Thanks for feedback. I have created 2 new patches that address the issues you
have found.
+$(STATEDIR)/libcurl.extract:
+ @$(call targetinfo)
+ @$(call clean, $(LIBCURL_DIR))
+ @$(call extract, LIBCURL, $(BUILDDIR))
+ @$(call patchin, LIBCURL, $(LIBCURL_DIR))
The new version contain options to enable/disable cipher modes.
Keeping today's default cipher mode.
In a secure solution one would disable CBC and enable CTR.
Signed-off-by: Bruno Thomsen b...@kamstrup.com
---
rules/dropbear.in | 15 +++
rules/dropbear.make | 18
+config DROPBEAR_CBC_CIPHERS
+ bool
+ prompt CBC mode ciphers
+ default y
+ help
+ Enable CBC mode for ciphers. This has security issues though
+ is the most compatible with older SSH implementations.
In that case, shouldn't this be off by default? Those that still
=71049
Signed-off-by: Bruno Thomsen b...@kamstrup.com
---
rules/dropbear.in | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/dropbear.in b/rules/dropbear.in
index 1c1d813..db4a8ab 100644
--- a/rules/dropbear.in
+++ b/rules/dropbear.in
@@ -224,7 +224,6 @@ comment Integrity
The new version contain options to enable/disable cipher modes.
Default security level increased by disabling CBC mode and enabling CTR mode.
Tenable Network Security - Nessus:
http://www.tenable.com/plugins/index.php?view=singleid=70658
Signed-off-by: Bruno Thomsen b...@kamstrup.com
---
rules
Hi Tom,
I am currently working on a kind of dyndns approach and plan to use nsupdate
to make the ddns aware of the new IP. However, it seems that nsupdate is
missing in ptxdist. Is this the case or do I miss something in the
configuration to enable it?
Yes, there are currently no rule to
enable-tools option has been replaced by enable-pki and enable-scepclient
options.
disable-kernel-klips option has been obsoleted.
Signed-off-by: Bruno Thomsen b...@kamstrup.com
---
rules/strongswan.make | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/rules
Subject: [ptxdist] [PATCH] version bump to 2.4.7
Add package name to subject.
version bump to 2.4.7
What about patch set from ppp 2.4.5? Have they been merged/fixed upstream?
/Bruno
--
ptxdist mailing list
ptxdist@pengutronix.de
Disabled new OPcache feature (Zend Optimizer+) due to cross-compiling issue.
https://bugs.php.net/bug.php?id=66103
Package format changed from tar.bz2 to tar.xz.
Signed-off-by: Bruno Thomsen b...@kamstrup.com
---
rules/php5.make | 7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
diff
I am using lighttpd with php-cgi on Freescale i.mx28. Response time of Webgui
could be faster.
Has anyone made experience with php accelerators, or is anyone already using
php5.5 which has Zend Optimizer+ integrated by default. Are there reasons not
go to for php 5.5?
There is currently
-Original Message-
From: ptxdist-boun...@pengutronix.de [mailto:ptxdist-boun...@pengutronix.de]
On Behalf Of Guillermo Rodriguez Garcia
Sent: 11. februar 2015 18:12
To: ptxdist@pengutronix.de
Subject: Re: [ptxdist] license info
OK. My view is that this (storing the license text
Ping..
Are there any outstanding issues with this patch series?
/Bruno
-Original Message-
From: Bruno Thomsen
Sent: 16. januar 2015 12:59
To: m.olbr...@pengutronix.de
Cc: ptxdist@pengutronix.de; Bruno Thomsen
Subject: [PATCH 1/2] host-certdata: root CA certificate bundle downloader
However the smart phone boom of the last few years dramatically changed the
definition of 'small' - the smallest flash devices for our embedded HW starts
now around 2-4 *Giga*bytes. And as smallest does NOT mean cheapest, the
standard flash device at work - right now - is 4 GB eMMC, which
Not needed, as the whole block is enclosed in an if BASH...endif
Otherwise looks good to me, however I'll let Michael look over this
and pick it up after his holidays.
Maybe Michael could also have a look on the old patches for bash 3.2. I don't
know, if they are still needed or not.
Used Debian patch series and ptxdist specific patch from 1.0.1k.
Debian patches was generated using Michael Olbrich's openssl-apply-debian
script using the following source:
openssl_1.0.2-1.debian.tar.xz [MD5: 3df9826bec6f37f4d4d524291ed4f1f3]
Signed-off-by: Bruno Thomsen b...@kamstrup.com
Running prelink with rc.once.d causes a first boot stall
of about 2 minutes on Freescale i.MX28 454MHz ARM9 processor.
This can be expensive if first device boot is during product
manufacturing (assembly, programming, configuration, test).
Signed-off-by: Bruno Thomsen b...@kamstrup.com
---
rules
Hi Marc,
Just fyi in the syslog I found these lines:
Apr 21 11:50:11 [..] [ 1.854104] EXT3-fs: barriers not enabled
Apr 21 11:50:11 [..] [12.856129] kjournald starting. Commit interval 5
seconds
Apr 21 11:50:11 [..] [12.856223] EXT3-fs (mmcblk0p1): warning: maximal mount
count
Hi Juergen,
Running prelink with rc.once.d causes a first boot stall of about 2
minutes on Freescale i.MX28 454MHz ARM9 processor.
This can be expensive if first device boot is during product
manufacturing (assembly, programming, configuration, test).
With Using a recent linker the
typo in subject.
Signed-off-by: Bruno Thomsen b...@kamstrup.com
---
rules/strongswan.make | 14 ++
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/rules/strongswan.make b/rules/strongswan.make
index 5e4a76d..2cc0a69 100644
--- a/rules/strongswan.make
+++ b/rules
Removed legacy crypto support.
Version 2: no changes.
Signed-off-by: Bruno Thomsen b...@kamstrup.com
---
rules/strongswan.make | 6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/rules/strongswan.make b/rules/strongswan.make
index 2cc0a69..9a9dd40 100644
--- a/rules
Removed legacy crypto support.
Signed-off-by: Bruno Thomsen b...@kamstrup.com
---
rules/strongswan.make | 6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/rules/strongswan.make b/rules/strongswan.make
index 5005930..3c102a7 100644
--- a/rules/strongswan.make
+++ b/rules
This fixes the EAP or PSK IKEv2 authentication vulnerability aka CVE-2015-4171.
Added new configure options: aesni, connmark, forecast, ruby-gems and
python-eggs.
Removed obsolete unit-tester option.
Signed-off-by: Bruno Thomsen b...@kamstrup.com
---
rules/strongswan.make | 11 +++
1
Hey Clemens,
what do you think about my recent OpenSSH patches (not the version bumps) but
enabling the sandbox per default (to use seccomp if available) and the switch
from DSA to Ed25519. ArchLinux and current Debian both generate Ed25519
pubkeys by default and add them as HostKey to
typo in comment subject: strognswan = strongswan
Damn, so close :)
/Bruno
--
ptxdist mailing list
ptxdist@pengutronix.de
Hi Michael,
Enable all Packages (and ALLYES) in a BSP and then run 'ptxdist get' to
download them all.
And the first step must be to support checking md5 or sha256, whichever is
available. We still need md5 so we don't break BSPs with local packages
during the transition.
Sounds like a
Hi,
I am looking for strongswan.make file.
You can find the newest upstream strongswan rule[1][2] in the pengutronix
ptxdist git repository[3].
[1]
http://git.pengutronix.de/?p=ptxdist.git;a=blob_plain;f=rules/strongswan.in;hb=HEAD
[2]
Hi Thomas,
does someone have some information about the use of ofone? I am wondering if
no one else is using it?
I appreciate your feedback!
I am currently working on using ptxdist on a multi-interface hardware device
(ethernet, wifi, gsm) and I setup connman to handle the ethernet and
Hi Hardik,
I trying to add OPENSWAN package into development. I have referred the
following to configure ptxdist.
Any reason you don't use Strongswan[1]?
It's actively maintained in ptxdist, and has good cipher suite support[2].
/Bruno
[1] https://strongswan.org/
[2]
Signed-off-by: Bruno Thomsen b...@kamstrup.com
---
rules/util-linux-ng.make | 1 +
1 file changed, 1 insertion(+)
diff --git a/rules/util-linux-ng.make b/rules/util-linux-ng.make
index be5e528..9b48961 100644
--- a/rules/util-linux-ng.make
+++ b/rules/util-linux-ng.make
@@ -19,6 +19,7
Signed-off-by: Bruno Thomsen b...@kamstrup.com
---
rules/usbutils.make | 1 +
1 file changed, 1 insertion(+)
diff --git a/rules/usbutils.make b/rules/usbutils.make
index c34176d..c369fa4 100644
--- a/rules/usbutils.make
+++ b/rules/usbutils.make
@@ -19,6 +19,7 @@ PACKAGES-$(PTXCONF_USBUTILS
Signed-off-by: Bruno Thomsen b...@kamstrup.com
---
rules/libcoap.make | 1 +
1 file changed, 1 insertion(+)
diff --git a/rules/libcoap.make b/rules/libcoap.make
index 9292ced..73d28de 100644
--- a/rules/libcoap.make
+++ b/rules/libcoap.make
@@ -18,6 +18,7 @@ PACKAGES-$(PTXCONF_LIBCOAP
Signed-off-by: Bruno Thomsen b...@kamstrup.com
---
rules/lighttpd.make | 1 +
1 file changed, 1 insertion(+)
diff --git a/rules/lighttpd.make b/rules/lighttpd.make
index 6fd6fff..5413b3b 100644
--- a/rules/lighttpd.make
+++ b/rules/lighttpd.make
@@ -19,6 +19,7 @@ PACKAGES-$(PTXCONF_LIGHTTPD
Signed-off-by: Bruno Thomsen b...@kamstrup.com
---
rules/iptables.make | 1 +
1 file changed, 1 insertion(+)
diff --git a/rules/iptables.make b/rules/iptables.make
index 67917bd..9fc2714 100644
--- a/rules/iptables.make
+++ b/rules/iptables.make
@@ -21,6 +21,7 @@ PACKAGES-$(PTXCONF_IPTABLES
Signed-off-by: Bruno Thomsen b...@kamstrup.com
---
rules/sqlite.make | 1 +
1 file changed, 1 insertion(+)
diff --git a/rules/sqlite.make b/rules/sqlite.make
index bd2ada0..f0cf330 100644
--- a/rules/sqlite.make
+++ b/rules/sqlite.make
@@ -22,6 +22,7 @@ PACKAGES-$(PTXCONF_SQLITE) += sqlite
Signed-off-by: Bruno Thomsen b...@kamstrup.com
---
rules/strongswan.make | 1 +
1 file changed, 1 insertion(+)
diff --git a/rules/strongswan.make b/rules/strongswan.make
index 033deeb..2eceab9 100644
--- a/rules/strongswan.make
+++ b/rules/strongswan.make
@@ -19,6 +19,7 @@ PACKAGES
Signed-off-by: Bruno Thomsen b...@kamstrup.com
---
rules/libcurl.make | 1 +
1 file changed, 1 insertion(+)
diff --git a/rules/libcurl.make b/rules/libcurl.make
index 2a2f7f9..4e044b5 100644
--- a/rules/libcurl.make
+++ b/rules/libcurl.make
@@ -19,6 +19,7 @@ PACKAGES-$(PTXCONF_LIBCURL
Signed-off-by: Bruno Thomsen b...@kamstrup.com
---
rules/openssl.make | 1 +
1 file changed, 1 insertion(+)
diff --git a/rules/openssl.make b/rules/openssl.make
index a50e64e..bf97a29 100644
--- a/rules/openssl.make
+++ b/rules/openssl.make
@@ -20,6 +20,7 @@ PACKAGES-$(PTXCONF_OPENSSL
Signed-off-by: Bruno Thomsen b...@kamstrup.com
---
rules/net-snmp.make | 1 +
1 file changed, 1 insertion(+)
diff --git a/rules/net-snmp.make b/rules/net-snmp.make
index 7c4cb75..5d22a4b 100644
--- a/rules/net-snmp.make
+++ b/rules/net-snmp.make
@@ -20,6 +20,7 @@ PACKAGES-$(PTXCONF_NET_SNMP
Signed-off-by: Bruno Thomsen b...@kamstrup.com
---
rules/ntp.make | 1 +
1 file changed, 1 insertion(+)
diff --git a/rules/ntp.make b/rules/ntp.make
index ba06543..9f48afe 100644
--- a/rules/ntp.make
+++ b/rules/ntp.make
@@ -19,6 +19,7 @@ PACKAGES-$(PTXCONF_NTP) += ntp
#
NTP_VERSION
but kconfig option should be added when
required nghttp2 lib is added as package.
Signed-off-by: Bruno Thomsen b...@kamstrup.com
---
rules/libcurl.make | 22 ++
1 file changed, 18 insertions(+), 4 deletions(-)
diff --git a/rules/libcurl.make b/rules/libcurl.make
index 822c584
cleanup.
Wrongly included OpenSSH one-liner; changed ed25519 to ecdsa.
Signed-off-by: Bruno Thomsen b...@kamstrup.com
---
rules/dropbear.make | 1 +
1 file changed, 1 insertion(+)
diff --git a/rules/dropbear.make b/rules/dropbear.make
index a659114..9a510a4 100644
--- a/rules/dropbear.make
+++ b
Several bugs were fixed in this release as well as CVE-2015-3152 (keep Nessus
happy).
Added SHA256 package hash in preparation for secure hash usage in ptxdist.
Added myself to credit as this is my 9th upstream php5 patch in the last 15
months.
Signed-off-by: Bruno Thomsen b...@kamstrup.com
what do you think about a script to replace all existing MD5 hashes with
SHA256 instead of replacing all of them individually?
Okay, so you want to create a script that take all rules; download the source;
sha256sum; modify rule.
Sounds like a good idea, but then I would prefer that 2-3 ppl
Hi,
I am currently looking into the possibility of adding ptxdist generation of
a xz rootfs archive, as I thought the feature might be useful for others as
well.
Should it be added as a new script like ptxd_make_image_archive_impl
(image/archive) or implemented in C inside genimage
Hi Michael,
OpenSSL 1.0.2d security release due 9th July 2015[1].
[1] https://mta.openssl.org/pipermail/openssl-announce/2015-July/37.html
Venlig hilsen / Best regards
Kamstrup A/S http://kamstrup.com
Bruno Thomsen
Development engineer
Technology
Kamstrup A/S
Industrivej 28
DK-8660
Hi,
OpenSSL 1.0.2d security release due 9th July 2015[1].
PTXdist master has the new version.
Thanks, we have pulled the update.
/Bruno
--
ptxdist mailing list
ptxdist@pengutronix.de
Hi Christoph,
STRONGSWAN_URL :=
http://download.strongswan.org/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
Changing here to https to get this security related package would be nice.
Yes, I just tested https and it works flawlessly.
I will send it as a new patch so it's highlighted in
Downloading the package source from an unsecure locations and using an insecure
hash (md5)
would allow a malicious proxy to inject vulnerabilities.
The build system would be unable to detect it.
Signed-off-by: Bruno Thomsen b...@kamstrup.com
---
rules/strongswan.make | 2 +-
1 file changed, 1
Hi
I've applied both patches to my kernel source tree and now the kernel
is starting!
\o/
FYI..
I have just upgraded to OSELAS.Toolchain-2014.12.1 for an ARM926EJ-S (ARMv5TEJ)
based system and Linux kernel 3.14 works.
/Bruno
--
ptxdist mailing list
ptxdist@pengutronix.de
Hi Jan-Marc,
Is there an deterministic way to obtain the list of existent variables for a
project?
ptxdist bash printenv
/Bruno
--
ptxdist mailing list
ptxdist@pengutronix.de
Fixes multiple vulnerabilities:
5.5.28: CVE-2015-6833, CVE-2015-6832, CVE-2015-6831.
5.5.29: CVE-2015-6834, CVE-2015-6835, CVE-2015-6836,
CVE-2015-6837, CVE-2015-6838.
5.5.30: CVE-2015-7803, CVE-2015-7804.
Signed-off-by: Bruno Thomsen <b...@kamstrup.com>
---
rules/php5.make | 4 +
Hi Oliver
> On 22/10/15, Oliver Graute wrote:
> > this patch add Linux-PAM support to ptxdist
>
> some feedback to this patch?
Good job, I had PAM support in my backlog and now I can just use your work :)
/Bruno
smime.p7s
Description: S/MIME cryptographic signature
Hi,
> According to http://www.lighttpd.net/2016/1/2/1.4.39/ this fixes crashes
> introduced in 1.4.36.
>
> Signed-off-by: Alexander Dahl <p...@lespocky.de>
No issues observed with lighttpd-1.4.39 when used in combination with
php-5.5.30, sqlite-3.9.2.0 & openssl-1.0
Currently you have to choose between -o options and -l/-w options.
This patch make it possible to enable all advanced ps features
when the BUSYBOX_DESKTOP flag is enabled.
Signed-off-by: Bruno Thomsen <b...@kamstrup.com>
---
config/busybox/procps/Config.in | 4 ++--
1 file changed, 2 inse
>
> The patches have already been backported and Michael is testing the toolchain
> updates.
Do you have an approx. ETA on the new toolchain? Are we talking weeks or months?
Venlig hilsen / Best regards
Kamstrup A/S
Bruno Thomsen
Development engineer
Technology
Kamstrup A/S
Industri
Hi,
I am having problems with sporadic missing separator error when configuring
PTXdist (2015.10.0) with multiple device tree sources.
When PTXdist ends up in this state it's unable to work on any packages
(clean/targetinstall) except clean all.
I added the extra device tree source after
uot;ptxd_make_dts_dtb: fix
> parallel building").
Thanks, I will apply that fix for now.
Venlig hilsen / Best regards
Bruno Thomsen
Development engineer
Technology
Kamstrup A/S
Industrivej 28
DK-8660 Skanderborg
T: +45 89 93 10 00
D: +45 89 93 13
Hi
This updated patch was never send by Kalle before he completed
his internship and was hired by another department in the company.
He found that the Phar extension does not work in CLI mode
so this combination is now disabled.
In our use-case it's used in CGI mode for on-the-fly compression
of
v2:
- use ptx/endis
- phar extension is broken in cli.
Signed-off-by: Bruno Thomsen <b...@kamstrup.com>
Signed-off-by: Kalle Ladefoged Pedersen <k...@kamstrup.com>
---
rules/php5.in | 11 +++
rules/php5.make | 2 +-
2 files changed, 12 insertions(+), 1 deletion(-)
diff -
Hi,
I had the same compile issue on a Fedora 23 host but got Michaels patch working
with a minor ")" tweak.
Attached working patch just-in-case somebody stumble across the same issue.
/Bruno
diff --git a/rules/cross-gcc.make b/rules/cross-gcc.make
index 00da7a0..068447c 100644
---
Hi,
Just a little FYI :)
host-ncurses version 5.9 does not compile with GCC 7.1.1 that Fedora 26 ships.
I don't have the time ATM to create a proper rule patch.
ncurses-5.9 patch series is no longer needed and here is a rule diff.
diff --git a/rules/ncurses.make
Hi,
We are using Strongswan 5.6.1 with OSELAS 2018.02.0 (gcc 7.3.1) and it builds
just fine.
I can prepare an upstream patch in a few days.
Venlig hilsen / Best regards
Bruno Thomsen
Development engineer
Technology
Kamstrup A/S
Industrivej 28
DK-8660 Skanderborg
T: +45 89 93 10 00
D: +45 89
Hi,
Strongswan is used in products that are shipping today with an expected
lifetime of >10 years.
We don't use systemd so I am unaware of issues relating to that area.
This has been tested on an iMX28 processor running linux 4.14.39 and compiled
with GCC 7.3.1.
/Bruno
Bruno Thomsen
16 new configuration parameters all set as disabled.
1 configuration parameter has been removed.
libhydra has been removed, all plugins and the kernel interface have been
integrated into libcharon.
Signed-off-by: Bruno Thomsen
---
rules/strongswan.make | 22 ++
1 file
1 - 100 of 336 matches
Mail list logo