* [Buildroot] [PATCH 1/3] libgit2: Do not use a bundled zlib.
@ 2018-06-01 15:41 Nicolas Cavallari
2018-06-01 15:41 ` [Buildroot] [PATCH 2/3] libgit2: Bump version to 0.27.1 Nicolas Cavallari
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Nicolas Cavallari @ 2018-06-01 15:41 UTC (permalink / raw)
To: buildroot
libgit2 depends on zlib. If libgit2's build system does not find a
system zlib, then it compiles a bundled version of it.
Force a dependency on zlib to avoid building this bundled version.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
---
package/libgit2/Config.in | 1 +
package/libgit2/libgit2.mk | 7 ++-----
2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/package/libgit2/Config.in b/package/libgit2/Config.in
index 24a1f3b5a9..53ba4d4245 100644
--- a/package/libgit2/Config.in
+++ b/package/libgit2/Config.in
@@ -1,5 +1,6 @@
config BR2_PACKAGE_LIBGIT2
bool "libgit2"
+ select BR2_PACKAGE_ZLIB
help
libgit2 is a portable, pure C implementation of the Git core
methods provided as a linkable library with a solid API,
diff --git a/package/libgit2/libgit2.mk b/package/libgit2/libgit2.mk
index 277a8d46ac..fcace39290 100644
--- a/package/libgit2/libgit2.mk
+++ b/package/libgit2/libgit2.mk
@@ -16,6 +16,8 @@ LIBGIT2_CONF_OPTS = \
-DUSE_ICONV=ON \
-DTHREADSAFE=$(if $(BR2_TOOLCHAIN_HAS_THREADS),ON,OFF)
+LIBGIT2_DEPENDENCIES = zlib
+
# If libiconv is available (for !locale toolchains), then we can use
# it for iconv support. Note that USE_ICONV=ON is still correct even
# without libiconv because (1) most toolchain have iconv support
@@ -25,11 +27,6 @@ ifeq ($(BR2_PACKAGE_LIBICONV),y)
LIBGIT2_DEPENDENCIES += libiconv
endif
-# No option to explicitly enable/disable zlib
-ifeq ($(BR2_PACKAGE_ZLIB),y)
-LIBGIT2_DEPENDENCIES += zlib
-endif
-
ifeq ($(BR2_PACKAGE_LIBSSH2),y)
LIBGIT2_DEPENDENCIES += libssh2
LIBGIT2_CONF_OPTS += -DUSE_SSH=ON
--
2.17.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH 2/3] libgit2: Bump version to 0.27.1
2018-06-01 15:41 [Buildroot] [PATCH 1/3] libgit2: Do not use a bundled zlib Nicolas Cavallari
@ 2018-06-01 15:41 ` Nicolas Cavallari
2018-06-01 15:42 ` [Buildroot] [PATCH 3/3] libgit2: Fix build with LibreSSL 2.7 Nicolas Cavallari
2018-06-04 20:53 ` [Buildroot] [PATCH 1/3] libgit2: Do not use a bundled zlib Thomas Petazzoni
2 siblings, 0 replies; 4+ messages in thread
From: Nicolas Cavallari @ 2018-06-01 15:41 UTC (permalink / raw)
To: buildroot
Fixes a security vulnerability similar to git's CVE-2018-11235
This release changes some configuration options, so tweak them
accordingly.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
---
package/libgit2/libgit2.hash | 2 +-
package/libgit2/libgit2.mk | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/libgit2/libgit2.hash b/package/libgit2/libgit2.hash
index cc09af3627..43d8f9930e 100644
--- a/package/libgit2/libgit2.hash
+++ b/package/libgit2/libgit2.hash
@@ -1,3 +1,3 @@
# Locally calculated
-sha256 6a62393e0ceb37d02fe0d5707713f504e7acac9006ef33da1e88960bd78b6eac libgit2-v0.26.0.tar.gz
+sha256 837b11927bc5f64e7f9ab0376f57cfe3ca5aa52ffd2007ac41184b21124fb086 libgit2-v0.27.1.tar.gz
sha256 d9a8038088df84fde493fa33a0f1e537252eeb9642122aa4b862690197152813 COPYING
diff --git a/package/libgit2/libgit2.mk b/package/libgit2/libgit2.mk
index fcace39290..8b7b9f6d77 100644
--- a/package/libgit2/libgit2.mk
+++ b/package/libgit2/libgit2.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBGIT2_VERSION = v0.26.0
+LIBGIT2_VERSION = v0.27.1
LIBGIT2_SITE = $(call github,libgit2,libgit2,$(LIBGIT2_VERSION))
LIBGIT2_LICENSE = GPL-2.0 with linking exception
LIBGIT2_LICENSE_FILES = COPYING
@@ -36,9 +36,9 @@ endif
ifeq ($(BR2_PACKAGE_OPENSSL),y)
LIBGIT2_DEPENDENCIES += openssl
-LIBGIT2_CONF_OPTS += -DUSE_OPENSSL=ON
+LIBGIT2_CONF_OPTS += -DUSE_HTTPS=OpenSSL
else
-LIBGIT2_CONF_OPTS += -DUSE_OPENSSL=OFF
+LIBGIT2_CONF_OPTS += -DUSE_HTTPS=OFF
endif
ifeq ($(BR2_PACKAGE_LIBCURL),y)
--
2.17.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH 3/3] libgit2: Fix build with LibreSSL 2.7
2018-06-01 15:41 [Buildroot] [PATCH 1/3] libgit2: Do not use a bundled zlib Nicolas Cavallari
2018-06-01 15:41 ` [Buildroot] [PATCH 2/3] libgit2: Bump version to 0.27.1 Nicolas Cavallari
@ 2018-06-01 15:42 ` Nicolas Cavallari
2018-06-04 20:53 ` [Buildroot] [PATCH 1/3] libgit2: Do not use a bundled zlib Thomas Petazzoni
2 siblings, 0 replies; 4+ messages in thread
From: Nicolas Cavallari @ 2018-06-01 15:42 UTC (permalink / raw)
To: buildroot
By using an patch from upstream's master branch.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
---
.../0001-Fix-build-with-LibreSSL-2.7.patch | 45 +++++++++++++++++++
1 file changed, 45 insertions(+)
create mode 100644 package/libgit2/0001-Fix-build-with-LibreSSL-2.7.patch
diff --git a/package/libgit2/0001-Fix-build-with-LibreSSL-2.7.patch b/package/libgit2/0001-Fix-build-with-LibreSSL-2.7.patch
new file mode 100644
index 0000000000..f0be0f0d2f
--- /dev/null
+++ b/package/libgit2/0001-Fix-build-with-LibreSSL-2.7.patch
@@ -0,0 +1,45 @@
+From 7490d449b518115a1ae86b01397e95c38e39cff1 Mon Sep 17 00:00:00 2001
+From: Bernard Spil <brnrd@FreeBSD.org>
+Date: Mon, 2 Apr 2018 20:00:07 +0200
+Subject: [PATCH] Fix build with LibreSSL 2.7
+
+LibreSSL 2.7 adds OpenSSL 1.1 API
+
+Signed-off-by: Bernard Spil <brnrd@FreeBSD.org>
+Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
+---
+ src/streams/openssl.c | 3 ++-
+ src/streams/openssl.h | 3 ++-
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/streams/openssl.c b/src/streams/openssl.c
+index 9cbb2746f..adcb7f14e 100644
+--- a/src/streams/openssl.c
++++ b/src/streams/openssl.c
+@@ -104,7 +104,8 @@ int git_openssl_stream_global_init(void)
+ ssl_opts |= SSL_OP_NO_COMPRESSION;
+ #endif
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
++ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
+ SSL_load_error_strings();
+ OpenSSL_add_ssl_algorithms();
+ #else
+diff --git a/src/streams/openssl.h b/src/streams/openssl.h
+index 2bbad7c68..44329ec90 100644
+--- a/src/streams/openssl.h
++++ b/src/streams/openssl.h
+@@ -31,7 +31,8 @@ extern int git_openssl__set_cert_location(const char *file, const char *path);
+
+
+
+-# if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++# if OPENSSL_VERSION_NUMBER < 0x10100000L || \
++ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
+
+ GIT_INLINE(BIO_METHOD*) BIO_meth_new(int type, const char *name)
+ {
+--
+2.17.0
+
--
2.17.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH 1/3] libgit2: Do not use a bundled zlib.
2018-06-01 15:41 [Buildroot] [PATCH 1/3] libgit2: Do not use a bundled zlib Nicolas Cavallari
2018-06-01 15:41 ` [Buildroot] [PATCH 2/3] libgit2: Bump version to 0.27.1 Nicolas Cavallari
2018-06-01 15:42 ` [Buildroot] [PATCH 3/3] libgit2: Fix build with LibreSSL 2.7 Nicolas Cavallari
@ 2018-06-04 20:53 ` Thomas Petazzoni
2 siblings, 0 replies; 4+ messages in thread
From: Thomas Petazzoni @ 2018-06-04 20:53 UTC (permalink / raw)
To: buildroot
Hello,
On Fri, 1 Jun 2018 17:41:58 +0200, Nicolas Cavallari wrote:
> libgit2 depends on zlib. If libgit2's build system does not find a
> system zlib, then it compiles a bundled version of it.
>
> Force a dependency on zlib to avoid building this bundled version.
>
> Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
> ---
> package/libgit2/Config.in | 1 +
> package/libgit2/libgit2.mk | 7 ++-----
> 2 files changed, 3 insertions(+), 5 deletions(-)
Series applied. Thanks!
Thomas
--
Thomas Petazzoni, CTO, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-06-04 20:53 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-06-01 15:41 [Buildroot] [PATCH 1/3] libgit2: Do not use a bundled zlib Nicolas Cavallari
2018-06-01 15:41 ` [Buildroot] [PATCH 2/3] libgit2: Bump version to 0.27.1 Nicolas Cavallari
2018-06-01 15:42 ` [Buildroot] [PATCH 3/3] libgit2: Fix build with LibreSSL 2.7 Nicolas Cavallari
2018-06-04 20:53 ` [Buildroot] [PATCH 1/3] libgit2: Do not use a bundled zlib Thomas Petazzoni
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox