[Buildroot] [PATCH 1/6] package infra: remove CPPFLAGS from CFLAGS

[Buildroot] [PATCH 1/6] package infra: remove CPPFLAGS from CFLAGS

[Gustavo Zacarias]

CPPFLAGS don't belong in CFLAGS, and newer autoconf versions just error
out when it's used that way.
This is required for the libcurl bump to 7.30.0

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
 package/Makefile.in | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/package/Makefile.in b/package/Makefile.in
index 9ba6e8c..8ba7d70 100644
--- a/package/Makefile.in
+++ b/package/Makefile.in
@@ -100,7 +100,7 @@ ifeq ($(BR2_LARGEFILE),y)
 TARGET_CPPFLAGS += -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
 endif
 
-TARGET_CFLAGS = $(TARGET_CPPFLAGS) $(TARGET_ABI) $(TARGET_OPTIMIZATION) $(TARGET_DEBUGGING)
+TARGET_CFLAGS = $(TARGET_ABI) $(TARGET_OPTIMIZATION) $(TARGET_DEBUGGING)
 TARGET_CXXFLAGS = $(TARGET_CFLAGS)
 TARGET_LDFLAGS = $(call qstrip,$(BR2_TARGET_LDFLAGS))
 
@@ -179,7 +179,6 @@ SED:=$(shell which sed || type -p sed) -i -e
 
 HOST_CPPFLAGS  = -I$(HOST_DIR)/usr/include
 HOST_CFLAGS   ?= -O2
-HOST_CFLAGS   += $(HOST_CPPFLAGS)
 HOST_CXXFLAGS += $(HOST_CFLAGS)
 HOST_LDFLAGS  += -L$(HOST_DIR)/lib -L$(HOST_DIR)/usr/lib -Wl,-rpath,$(HOST_DIR)/usr/lib
 HOST_PATH=$(HOST_DIR)/bin:$(HOST_DIR)/usr/bin:$(PATH)
-- 
1.8.1.5

[Buildroot] [PATCH 2/6] libnspr: bump to version 4.9.6

[Gustavo Zacarias]

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
 package/libnspr/libnspr.mk | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/package/libnspr/libnspr.mk b/package/libnspr/libnspr.mk
index 5b1333d..f5682f6 100644
--- a/package/libnspr/libnspr.mk
+++ b/package/libnspr/libnspr.mk
@@ -3,12 +3,14 @@
 # libnspr
 #
 #############################################################
-LIBNSPR_VERSION = 4.9.2
+
+LIBNSPR_VERSION = 4.9.6
 LIBNSPR_SOURCE = nspr-$(LIBNSPR_VERSION).tar.gz
-LIBNSPR_SITE = https://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v$(LIBNSPR_VERSION)/src/
+LIBNSPR_SITE = https://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v$(LIBNSPR_VERSION)/src
 LIBNSPR_SUBDIR = mozilla/nsprpub
 LIBNSPR_INSTALL_STAGING = YES
 LIBNSPR_CONFIG_SCRIPTS = nspr-config
+LIBNSPR_LICENSE = MPLv2.0
 
 # Set the host CFLAGS and LDFLAGS so NSPR does not guess wrongly
 LIBNSPR_CONF_ENV = HOST_CFLAGS="-g -O2" \
-- 
1.8.1.5

[Buildroot] [PATCH 3/6] libnss: bump to version 3.14.3

[Gustavo Zacarias]

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
 package/libnss/libnss.mk | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/package/libnss/libnss.mk b/package/libnss/libnss.mk
index 96faf37..8bb46e2 100644
--- a/package/libnss/libnss.mk
+++ b/package/libnss/libnss.mk
@@ -3,14 +3,17 @@
 # libnss
 #
 #############################################################
-LIBNSS_VERSION = 3.12.9
+
+LIBNSS_VERSION = 3.14.3
 LIBNSS_SOURCE = nss-$(LIBNSS_VERSION).tar.gz
 LIBNSS_SITE_VERSION = $(subst .,_,$(LIBNSS_VERSION))
-LIBNSS_SITE = https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_$(LIBNSS_SITE_VERSION)_RTM/src/
+LIBNSS_SITE = https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_$(LIBNSS_SITE_VERSION)_RTM/src
 LIBNSS_SUBDIR = mozilla/security
 LIBNSS_DISTDIR = mozilla/dist
 LIBNSS_INSTALL_STAGING = YES
 LIBNSS_DEPENDENCIES = libnspr sqlite zlib
+LIBNSS_LICENSE = MPLv2.0
+LIBNSS_LICENSE_FILES = mozilla/security/nss/COPYING
 
 LIBNSS_BUILD_VARS = MOZILLA_CLIENT=1 \
 		NSPR_INCLUDE_DIR=$(STAGING_DIR)/usr/include/nspr \
-- 
1.8.1.5

[Buildroot] [PATCH 4/6] libcurl: bump to version 7.30.0

[Gustavo Zacarias]

And add support for other SSL backends such as gnutls, nss and polarssl.
Also add support for libidn and zlib.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
 package/libcurl/libcurl-01-CVE-2013-0249.patch | 65 --------------------------
 package/libcurl/libcurl-02-CVE-2013-1944.patch | 57 ----------------------
 package/libcurl/libcurl.mk                     | 26 ++++++++---
 3 files changed, 20 insertions(+), 128 deletions(-)
 delete mode 100644 package/libcurl/libcurl-01-CVE-2013-0249.patch
 delete mode 100644 package/libcurl/libcurl-02-CVE-2013-1944.patch

diff --git a/package/libcurl/libcurl-01-CVE-2013-0249.patch b/package/libcurl/libcurl-01-CVE-2013-0249.patch
deleted file mode 100644
index 7d2af2a..0000000
--- a/package/libcurl/libcurl-01-CVE-2013-0249.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From ee45a34907ffeb5fd95b0513040d8491d565b663 Mon Sep 17 00:00:00 2001
-From: Eldar Zaitov <kyprizel@volema.com>
-Date: Wed, 30 Jan 2013 23:22:27 +0100
-Subject: [PATCH] Curl_sasl_create_digest_md5_message: fix buffer overflow
-
-When negotiating SASL DIGEST-MD5 authentication, the function
-Curl_sasl_create_digest_md5_message() uses the data provided from the
-server without doing the proper length checks and that data is then
-appended to a local fixed-size buffer on the stack.
-
-This vulnerability can be exploited by someone who is in control of a
-server that a libcurl based program is accessing with POP3, SMTP or
-IMAP. For applications that accept user provided URLs, it is also
-thinkable that a malicious user would feed an application with a URL to
-a server hosting code targetting this flaw.
-
-Bug: http://curl.haxx.se/docs/adv_20130206.html
----
- lib/curl_sasl.c |   23 ++++++-----------------
- 1 file changed, 6 insertions(+), 17 deletions(-)
-
-diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c
-index 57116b6..d07387d 100644
---- a/lib/curl_sasl.c
-+++ b/lib/curl_sasl.c
-@@ -346,9 +346,7 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
-     snprintf(&HA1_hex[2 * i], 3, "%02x", digest[i]);
- 
-   /* Prepare the URL string */
--  strcpy(uri, service);
--  strcat(uri, "/");
--  strcat(uri, realm);
-+  snprintf(uri, sizeof(uri), "%s/%s", service, realm);
- 
-   /* Calculate H(A2) */
-   ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
-@@ -392,20 +390,11 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
-   for(i = 0; i < MD5_DIGEST_LEN; i++)
-     snprintf(&resp_hash_hex[2 * i], 3, "%02x", digest[i]);
- 
--  strcpy(response, "username=\"");
--  strcat(response, userp);
--  strcat(response, "\",realm=\"");
--  strcat(response, realm);
--  strcat(response, "\",nonce=\"");
--  strcat(response, nonce);
--  strcat(response, "\",cnonce=\"");
--  strcat(response, cnonce);
--  strcat(response, "\",nc=");
--  strcat(response, nonceCount);
--  strcat(response, ",digest-uri=\"");
--  strcat(response, uri);
--  strcat(response, "\",response=");
--  strcat(response, resp_hash_hex);
-+  snprintf(response, sizeof(response),
-+           "username=\"%s\",realm=\"%s\",nonce=\"%s\","
-+           "cnonce=\"%s\",nc=\"%s\",digest-uri=\"%s\",response=%s",
-+           userp, realm, nonce,
-+           cnonce, nonceCount, uri, resp_hash_hex);
- 
-   /* Base64 encode the reply */
-   return Curl_base64_encode(data, response, 0, outptr, outlen);
--- 
-1.7.10.4
-
diff --git a/package/libcurl/libcurl-02-CVE-2013-1944.patch b/package/libcurl/libcurl-02-CVE-2013-1944.patch
deleted file mode 100644
index 18d9c2d..0000000
--- a/package/libcurl/libcurl-02-CVE-2013-1944.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 3604fde3d3c9b0d0e389e079aecf470d123ba180 Mon Sep 17 00:00:00 2001
-From: YAMADA Yasuharu <yasuharu.yamada@access-company.com>
-Date: Thu, 11 Apr 2013 00:17:15 +0200
-Subject: [PATCH] cookie: fix tailmatching to prevent cross-domain leakage
-
-Cookies set for 'example.com' could accidentaly also be sent by libcurl
-to the 'bexample.com' (ie with a prefix to the first domain name).
-
-This is a security vulnerabilty, CVE-2013-1944.
-
-Bug: http://curl.haxx.se/docs/adv_20130412.html
----
- lib/cookie.c |   24 +++++++++++++++++++-----
- 1 file changed, 19 insertions(+), 5 deletions(-)
-
-diff --git a/lib/cookie.c b/lib/cookie.c
-index 4b9ec0b..a67204e 100644
---- a/lib/cookie.c
-+++ b/lib/cookie.c
-@@ -118,15 +118,29 @@ static void freecookie(struct Cookie *co)
-   free(co);
- }
- 
--static bool tailmatch(const char *little, const char *bigone)
-+static bool tailmatch(const char *cooke_domain, const char *hostname)
- {
--  size_t littlelen = strlen(little);
--  size_t biglen = strlen(bigone);
-+  size_t cookie_domain_len = strlen(cooke_domain);
-+  size_t hostname_len = strlen(hostname);
- 
--  if(littlelen > biglen)
-+  if(hostname_len < cookie_domain_len)
-     return FALSE;
- 
--  return Curl_raw_equal(little, bigone+biglen-littlelen) ? TRUE : FALSE;
-+  if(!Curl_raw_equal(cooke_domain, hostname+hostname_len-cookie_domain_len))
-+    return FALSE;
-+
-+  /* A lead char of cookie_domain is not '.'.
-+     RFC6265 4.1.2.3. The Domain Attribute says:
-+       For example, if the value of the Domain attribute is
-+       "example.com", the user agent will include the cookie in the Cookie
-+       header when making HTTP requests to example.com, www.example.com, and
-+       www.corp.example.com.
-+   */
-+  if(hostname_len == cookie_domain_len)
-+    return TRUE;
-+  if('.' == *(hostname + hostname_len - cookie_domain_len - 1))
-+    return TRUE;
-+  return FALSE;
- }
- 
- /*
--- 
-1.7.10.4
-
diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk
index f0236d9..39eef10 100644
--- a/package/libcurl/libcurl.mk
+++ b/package/libcurl/libcurl.mk
@@ -4,9 +4,12 @@
 #
 #############################################################
 
-LIBCURL_VERSION = 7.28.1
+LIBCURL_VERSION = 7.30.0
 LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.bz2
 LIBCURL_SITE = http://curl.haxx.se/download
+LIBCURL_DEPENDENCIES = host-pkgconf \
+	$(if $(BR2_PACKAGE_ZLIB),zlib) \
+	$(if $(BR2_PACKAGE_LIBIDN),libidn)
 LIBCURL_LICENSE = ICS
 LIBCURL_LICENSE_FILES = COPYING
 LIBCURL_INSTALL_STAGING = YES
@@ -15,23 +18,34 @@ LIBCURL_INSTALL_STAGING = YES
 # on non-MMU platforms. Moreover, this authentication method is
 # probably almost never used. See
 # http://curl.haxx.se/docs/manpage.html#--ntlm.
-LIBCURL_CONF_OPT = --disable-verbose --disable-manual \
-	--enable-hidden-symbols --disable-ntlm-wb
+LIBCURL_CONF_OPT = --disable-verbose --disable-manual --disable-ntlm-wb \
+	--enable-hidden-symbols --with-random=/dev/urandom
 LIBCURL_CONFIG_SCRIPTS = curl-config
 
 ifeq ($(BR2_PACKAGE_OPENSSL),y)
-LIBCURL_DEPENDENCIES += openssl
 LIBCURL_CONF_ENV += ac_cv_lib_crypto_CRYPTO_lock=yes
 # configure adds the cross openssl dir to LD_LIBRARY_PATH which screws up
 # native stuff during the rest of configure when target == host.
 # Fix it by setting LD_LIBRARY_PATH to something sensible so those libs
 # are found first.
+LIBCURL_DEPENDENCIES += openssl
 LIBCURL_CONF_ENV += LD_LIBRARY_PATH=$$LD_LIBRARY_PATH:/lib:/usr/lib
 LIBCURL_CONF_OPT += --with-ssl=$(STAGING_DIR)/usr \
-	--with-random=/dev/urandom \
 	--with-ca-path=/etc/ssl/certs
+LIBCURL_DEPENDENCIES += openssl
+else ifeq ($(BR2_PACKAGE_GNUTLS),y)
+LIBCURL_CONF_OPT += --with-gnutls=$(STAGING_DIR)/usr
+LIBCURL_DEPENDENCIES += gnutls
+else ifeq ($(BR2_PACKAGE_POLARSSL),y)
+LIBCURL_CONF_OPT += --with-polarssl=$(STAGING_DIR)/usr
+LIBCURL_DEPENDENCIES += polarssl
+else ifeq ($(BR2_PACKAGE_LIBNSS),y)
+LIBCURL_CONF_OPT += --with-nss=$(STAGING_DIR)/usr
+LIBCURL_CONF_ENV += CPPFLAGS="$(TARGET_CPPFLAGS) `$(PKG_CONFIG_HOST_BINARY) nspr nss --cflags`"
+LIBCURL_DEPENDENCIES += libnss
 else
-LIBCURL_CONF_OPT += --without-ssl
+LIBCURL_CONF_OPT += --without-ssl --without-gnutls \
+	--without-polarssl --without-nss
 endif
 
 define LIBCURL_FIX_DOT_PC
-- 
1.8.1.5

[Buildroot] [PATCH 5/6] p11-kit: new package

[Gustavo Zacarias]

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
 package/Config.in          |  1 +
 package/p11-kit/Config.in  | 15 +++++++++++++++
 package/p11-kit/p11-kit.mk | 15 +++++++++++++++
 3 files changed, 31 insertions(+)
 create mode 100644 package/p11-kit/Config.in
 create mode 100644 package/p11-kit/p11-kit.mk

diff --git a/package/Config.in b/package/Config.in
index 59effbe..51b2539 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -604,6 +604,7 @@ source "package/mpc/Config.in"
 source "package/mpfr/Config.in"
 source "package/mtdev2tuio/Config.in"
 source "package/orc/Config.in"
+source "package/p11-kit/Config.in"
 source "package/poco/Config.in"
 source "package/protobuf/Config.in"
 source "package/protobuf-c/Config.in"
diff --git a/package/p11-kit/Config.in b/package/p11-kit/Config.in
new file mode 100644
index 0000000..40a07d3
--- /dev/null
+++ b/package/p11-kit/Config.in
@@ -0,0 +1,15 @@
+config BR2_PACKAGE_P11_KIT
+	bool "p11-kit"
+	depends on !BR2_PREFER_STATIC_LIB
+	depends on BR2_USE_MMU
+	depends on BR2_TOOLCHAIN_HAS_THREADS
+	select BR2_PACKAGE_LIBTASN1
+	help
+	  Provides a way to load and enumerate PKCS#11 modules.
+	  Provides a standard configuration setup for installing PKCS#11
+	  modules in such a way that they're discoverable.
+
+	  http://p11-glue.freedesktop.org/p11-kit.html
+
+comment "p11-kit requires a toolchain with thread support"
+	depends on !BR2_TOOLCHAIN_HAS_THREADS
diff --git a/package/p11-kit/p11-kit.mk b/package/p11-kit/p11-kit.mk
new file mode 100644
index 0000000..2ddb27c
--- /dev/null
+++ b/package/p11-kit/p11-kit.mk
@@ -0,0 +1,15 @@
+#############################################################
+#
+# p11-kit
+#
+#############################################################
+
+P11_KIT_VERSION = 0.18.1
+P11_KIT_SITE = http://p11-glue.freedesktop.org/releases
+P11_KIT_DEPENDENCIES = host-pkgconf libtasn1
+P11_KIT_INSTALL_STAGING = YES
+P11_KIT_CONF_OPT = --disable-static
+P11_KIT_LICENSE = BSD-3c
+P11_KIT_LICENSE_FILES = COPYING
+
+$(eval $(autotools-package))
-- 
1.8.1.5

[Buildroot] [PATCH 6/6] gnutls: bump to version 3.2.0

[Gustavo Zacarias]

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
 package/gnutls/Config.in                           | 15 ++++++
 ...gnutls-correct_rpl_gettimeofday_signature.patch | 58 ----------------------
 package/gnutls/gnutls.mk                           | 29 ++++++++---
 3 files changed, 38 insertions(+), 64 deletions(-)
 delete mode 100644 package/gnutls/gnutls-correct_rpl_gettimeofday_signature.patch

diff --git a/package/gnutls/Config.in b/package/gnutls/Config.in
index 038b3fb..6c741a6 100644
--- a/package/gnutls/Config.in
+++ b/package/gnutls/Config.in
@@ -1,6 +1,7 @@
 config BR2_PACKAGE_GNUTLS
 	bool "gnutls"
 	select BR2_PACKAGE_NETTLE
+	select BR2_PACKAGE_PCRE
 	depends on BR2_USE_WCHAR
 	help
 	  GnuTLS is a secure communications library implementing the SSL
@@ -8,6 +9,20 @@ config BR2_PACKAGE_GNUTLS
 
 	  http://www.gnutls.org
 
+config BR2_PACKAGE_GNUTLS_PKCS11
+	bool "PKCS#11 support"
+	depends on !BR2_PREFER_STATIC_LIB
+	depends on BR2_USE_MMU
+	depends on BR2_PACKAGE_GNUTLS
+	depends on BR2_TOOLCHAIN_HAS_THREADS
+	select BR2_PACKAGE_LIBTASN1
+	select BR2_PACKAGE_P11_KIT
+	help
+	  Enable PKCS#11 support in gnutls.
+
+comment "gnutls pkcs#11 support requires a toolchain with thread support"
+	depends on BR2_PACKAGE_GNUTLS && !BR2_TOOLCHAIN_HAS_THREADS
+
 config BR2_PACKAGE_GNUTLS_TOOLS
 	bool "install tools"
 	depends on BR2_PACKAGE_GNUTLS
diff --git a/package/gnutls/gnutls-correct_rpl_gettimeofday_signature.patch b/package/gnutls/gnutls-correct_rpl_gettimeofday_signature.patch
deleted file mode 100644
index 9188708..0000000
--- a/package/gnutls/gnutls-correct_rpl_gettimeofday_signature.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-[PATCH] fix build on uClibc
-
-Currently we fail on uclibc like below
-
-| In file included from /home/kraj/work/angstrom/sources/openembedded-core/build/tmp-uclibc/sysroots/qemuarm/usr/include/sys/procfs.h:32:0,
-|                  from /home/kraj/work/angstrom/sources/openembedded-core/build/tmp-uclibc/sysroots/qemuarm/usr/include/sys/ucontext.h:26,
-|                  from /home/kraj/work/angstrom/sources/openembedded-core/build/tmp-uclibc/sysroots/qemuarm/usr/include/signal.h:392,
-|                  from ../../gl/signal.h:52,
-|                  from ../../gl/sys/select.h:58,
-|                  from /home/kraj/work/angstrom/sources/openembedded-core/build/tmp-uclibc/sysroots/qemuarm/usr/include/sys/types.h:220,
-|                  from ../../gl/sys/types.h:28,
-|                  from ../../lib/includes/gnutls/gnutls.h:46,
-|                  from ex-cxx.cpp:3:
-| ../../gl/sys/time.h:396:66: error: conflicting declaration 'void* restrict'
-| ../../gl/sys/time.h:396:50: error: 'restrict' has a previous declaration as 'timeval* restrict'
-| make[4]: *** [ex-cxx.o] Error 1
-| make[4]: *** Waiting for unfinished jobs....
-
-
-GCC detects that we call 'restrict' as param name in function
-signatures and complains since both params are called 'restrict'
-therefore we use __restrict to denote the C99 keywork
-
-This only happens of uclibc since this code is not excercised with
-eglibc otherwise we will have same issue there too
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
-
-Index: gnutls-2.12.14/gl/sys_time.in.h
-===================================================================
---- gnutls-2.12.14.orig/gl/sys_time.in.h	2012-01-15 10:54:39.517285351 -0800
-+++ gnutls-2.12.14/gl/sys_time.in.h	2012-01-15 10:59:23.773299108 -0800
-@@ -82,20 +82,20 @@
- #    define gettimeofday rpl_gettimeofday
- #   endif
- _GL_FUNCDECL_RPL (gettimeofday, int,
--                  (struct timeval *restrict, void *restrict)
-+                  (struct timeval *__restrict, void *__restrict)
-                   _GL_ARG_NONNULL ((1)));
- _GL_CXXALIAS_RPL (gettimeofday, int,
--                  (struct timeval *restrict, void *restrict));
-+                  (struct timeval *__restrict, void *__restrict));
- #  else
- #   if !@HAVE_GETTIMEOFDAY@
- _GL_FUNCDECL_SYS (gettimeofday, int,
--                  (struct timeval *restrict, void *restrict)
-+                  (struct timeval *__restrict, void *__restrict)
-                   _GL_ARG_NONNULL ((1)));
- #   endif
- /* Need to cast, because on glibc systems, by default, the second argument is
-                                                   struct timezone *.  */
- _GL_CXXALIAS_SYS_CAST (gettimeofday, int,
--                       (struct timeval *restrict, void *restrict));
-+                       (struct timeval *__restrict, void *__restrict));
- #  endif
- _GL_CXXALIASWARN (gettimeofday);
- # elif defined GNULIB_POSIXCHECK
diff --git a/package/gnutls/gnutls.mk b/package/gnutls/gnutls.mk
index 610a5a2..45ddea8 100644
--- a/package/gnutls/gnutls.mk
+++ b/package/gnutls/gnutls.mk
@@ -4,22 +4,39 @@
 #
 #############################################################
 
-GNUTLS_VERSION = 3.1.9
+GNUTLS_VERSION = 3.2.0
 GNUTLS_SOURCE = gnutls-$(GNUTLS_VERSION).tar.xz
-GNUTLS_SITE = ftp://ftp.gnutls.org/gcrypt/gnutls/v3.1
-GNUTLS_LICENSE = GPLv3+ LGPLv3
+GNUTLS_SITE = ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2
+GNUTLS_LICENSE = GPLv3+ LGPLv2.1+
 GNUTLS_LICENSE_FILES = COPYING COPYING.LESSER
-GNUTLS_DEPENDENCIES = host-pkgconf nettle $(if $(BR2_PACKAGE_ZLIB),zlib)
-GNUTLS_CONF_OPT = --with-libnettle-prefix=$(STAGING_DIR)/usr --disable-rpath
+GNUTLS_DEPENDENCIES = host-pkgconf nettle pcre \
+	$(if $(BR2_PACKAGE_GNUTLS_PKCS11),p11-kit) \
+	$(if $(BR2_PACKAGE_LIBIDN),libidn) \
+	$(if $(BR2_PACKAGE_LIBTASN1),libtasn1) \
+	$(if $(BR2_PACKAGE_ZLIB),zlib)
+GNUTLS_CONF_OPT = --with-libnettle-prefix=$(STAGING_DIR)/usr --disable-rpath \
+	--disable-doc --disable-guile
 GNUTLS_CONF_ENV = gl_cv_socket_ipv6=$(if $(BR2_INET_IPV6),yes,no) \
 	ac_cv_header_wchar_h=$(if $(BR2_USE_WCHAR),yes,no) \
 	gt_cv_c_wchar_t=$(if $(BR2_USE_WCHAR),yes,no) \
-	gt_cv_c_wint_t=$(if $(BR2_USE_WCHAR),yes,no)
+	gt_cv_c_wint_t=$(if $(BR2_USE_WCHAR),yes,no) \
+	gl_cv_func_gettimeofday_clobber=no
 GNUTLS_INSTALL_STAGING = YES
 
 # libpthread autodetection poisons the linkpath
 GNUTLS_CONF_OPT += $(if $(BR2_TOOLCHAIN_HAS_THREADS),--with-libpthread-prefix=$(STAGING_DIR)/usr)
 
+# gnutls needs libregex, but pcre can be used too
+# The check isn't cross-compile friendly
+define GNUTLS_LIBREGEX_CHECK_FIX
+	$(SED) 's/libopts_cv_with_libregex=no/libopts_cv_with_libregex=yes/g;'\
+		$(@D)/configure
+endef
+GNUTLS_PRE_CONFIGURE_HOOKS += GNUTLS_LIBREGEX_CHECK_FIX
+GNUTLS_CONF_OPT += --with-regex-header=pcreposix.h \
+	--with-libregex-cflags="`$(PKG_CONFIG_HOST_BINARY) libpcreposix --cflags`" \
+	--with-libregex-libs="`$(PKG_CONFIG_HOST_BINARY) libpcreposix --libs`"
+
 # libidn support for nommu must exclude the crywrap wrapper (uses fork)
 GNUTLS_CONF_OPT += $(if $(BR2_USE_MMU),,--disable-crywrap)
 GNUTLS_DEPENDENCIES += $(if $(BR2_PACKAGE_LIBIDN),libidn)
-- 
1.8.1.5

[Buildroot] [PATCH 1/6] package infra: remove CPPFLAGS from CFLAGS

[Thomas Petazzoni]

Dear Gustavo Zacarias,

On Mon, 13 May 2013 13:40:54 -0300, Gustavo Zacarias wrote:

> -TARGET_CFLAGS = $(TARGET_CPPFLAGS) $(TARGET_ABI) $(TARGET_OPTIMIZATION) $(TARGET_DEBUGGING)
> +TARGET_CFLAGS = $(TARGET_ABI) $(TARGET_OPTIMIZATION) $(TARGET_DEBUGGING)
>  TARGET_CXXFLAGS = $(TARGET_CFLAGS)
>  TARGET_LDFLAGS = $(call qstrip,$(BR2_TARGET_LDFLAGS))
>  
> @@ -179,7 +179,6 @@ SED:=$(shell which sed || type -p sed) -i -e
>  
>  HOST_CPPFLAGS  = -I$(HOST_DIR)/usr/include
>  HOST_CFLAGS   ?= -O2
> -HOST_CFLAGS   += $(HOST_CPPFLAGS)
>  HOST_CXXFLAGS += $(HOST_CFLAGS)
>  HOST_LDFLAGS  += -L$(HOST_DIR)/lib -L$(HOST_DIR)/usr/lib -Wl,-rpath,$(HOST_DIR)/usr/lib
>  HOST_PATH=$(HOST_DIR)/bin:$(HOST_DIR)/usr/bin:$(PATH)

Do we have packages that pass TARGET_CFLAGS and/or HOST_CFLAGS, and are
not passing TARGET_CPPFLAGS / HOST_CPPFLAGS ?

One example: the bsdiff package:

define BSDIFF_BUILD_CMDS
        $(TARGET_CC) $(TARGET_CFLAGS) $(TARGET_LDFLAGS) \
                $(@D)/bsdiff.c -lbz2 -o $(@D)/bsdiff
        $(TARGET_CC) $(TARGET_CFLAGS) $(TARGET_LDFLAGS) \
                $(@D)/bspatch.c -lbz2 -o $(@D)/bspatch
endef

After your patch, the -D_LARGEFILE_BLABLA stuff is no longer passed
when building this package.

Another example, the feh package. Another one, input-tools. And I'm
sure there are more.

So, I agree with the change, but I think it needs a much thorough
investigation of which packages are using $(TARGET_CFLAGS) without
passing $(TARGET_CPPFLAGS).

Best regards,

Thomas
-- 
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com

[Buildroot] [PATCH 1/6] package infra: remove CPPFLAGS from CFLAGS

[Gustavo Zacarias]

On 05/13/2013 02:10 PM, Thomas Petazzoni wrote:

> Do we have packages that pass TARGET_CFLAGS and/or HOST_CFLAGS, and are
> not passing TARGET_CPPFLAGS / HOST_CPPFLAGS ?
> 
> One example: the bsdiff package:
> 
> define BSDIFF_BUILD_CMDS
>         $(TARGET_CC) $(TARGET_CFLAGS) $(TARGET_LDFLAGS) \
>                 $(@D)/bsdiff.c -lbz2 -o $(@D)/bsdiff
>         $(TARGET_CC) $(TARGET_CFLAGS) $(TARGET_LDFLAGS) \
>                 $(@D)/bspatch.c -lbz2 -o $(@D)/bspatch
> endef
> 
> After your patch, the -D_LARGEFILE_BLABLA stuff is no longer passed
> when building this package.
> 
> Another example, the feh package. Another one, input-tools. And I'm
> sure there are more.
> 
> So, I agree with the change, but I think it needs a much thorough
> investigation of which packages are using $(TARGET_CFLAGS) without
> passing $(TARGET_CPPFLAGS).

On the build-side of things there aren't any unexpected build failures
(allyespackageconfig that lead to my latest fixes because of other issues).
This is meant as a first try and i'm sure there will be packages that'll
need to be modified, but we'd rather do this sooner rather than later,
specially if we want to push new autotools where -D* isn't acceptable in
CFLAGS (be it via auto* bump + autoreconf or just plain shipped
configure in packages based on newer autotools).
We could also filter out for "strict" (new auto* packages) too, but
that's a sloppy way downhill.
I just want to keep this patchset apart from the package-fixing one,
since it's likely this won't change much and i'm not a fan of 1/N with N
being a huge number just to add a few patchfixes here/there (with the
fix patches maybe even getting commited before this patchset - it
shouldn't hurt).
Regards.

[Buildroot] [PATCH 1/6] package infra: remove CPPFLAGS from CFLAGS

[Thomas Petazzoni]

Dear Gustavo Zacarias,

On Mon, 13 May 2013 14:22:08 -0300, Gustavo Zacarias wrote:

> > After your patch, the -D_LARGEFILE_BLABLA stuff is no longer passed
> > when building this package.
> > 
> > Another example, the feh package. Another one, input-tools. And I'm
> > sure there are more.
> > 
> > So, I agree with the change, but I think it needs a much thorough
> > investigation of which packages are using $(TARGET_CFLAGS) without
> > passing $(TARGET_CPPFLAGS).
> 
> On the build-side of things there aren't any unexpected build failures
> (allyespackageconfig that lead to my latest fixes because of other issues).

Build failures no, but packages not having large file support because
-D_LARGEFILE_BLA is not passed, cerainly.

> This is meant as a first try and i'm sure there will be packages that'll
> need to be modified, but we'd rather do this sooner rather than later,
> specially if we want to push new autotools where -D* isn't acceptable in
> CFLAGS (be it via auto* bump + autoreconf or just plain shipped
> configure in packages based on newer autotools).

Agreed.

> We could also filter out for "strict" (new auto* packages) too, but
> that's a sloppy way downhill.

Yes, we probably don't want to do that.

> I just want to keep this patchset apart from the package-fixing one,
> since it's likely this won't change much and i'm not a fan of 1/N with N
> being a huge number just to add a few patchfixes here/there (with the
> fix patches maybe even getting commited before this patchset - it
> shouldn't hurt).

I believe there should be first an audit of where TARGET_CFLAGS is
used. Then, wherever needed, fixes to ensure both TARGET_CFLAGS and
TARGET_CPPFLAGS are used (or, if possible, usage of
TARGET_CONFIGURE_OPTS). Once those fixes are made, your patch that
separates TARGET_CPPFLAGS from TARGET_CFLAGS can go in.

A quick "grep TARGET_CFLAGS" in package/ gives 110 packages using it.
In most cases, it's probably $(TARGET_CONFIGURE_OPTS) being passed +
CFLAGS="$(TARGET_CFLAGS) -bleh", which is already correct seems
CPPFLAGS is passed. But of course there might be packages that use a
custom Makefile that obeys to CFLAGS but not CPPFLAGS. Not sure what we
can do about these except slowly figuring out that they need fixing.

Best regards,

Thomas
-- 
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com

[Buildroot] [PATCH 1/6] package infra: remove CPPFLAGS from CFLAGS

[Gustavo Zacarias]

On 05/13/2013 03:20 PM, Thomas Petazzoni wrote:
> I believe there should be first an audit of where TARGET_CFLAGS is
> used. Then, wherever needed, fixes to ensure both TARGET_CFLAGS and
> TARGET_CPPFLAGS are used (or, if possible, usage of
> TARGET_CONFIGURE_OPTS). Once those fixes are made, your patch that
> separates TARGET_CPPFLAGS from TARGET_CFLAGS can go in.
> 
> A quick "grep TARGET_CFLAGS" in package/ gives 110 packages using it.
> In most cases, it's probably $(TARGET_CONFIGURE_OPTS) being passed +
> CFLAGS="$(TARGET_CFLAGS) -bleh", which is already correct seems
> CPPFLAGS is passed. But of course there might be packages that use a
> custom Makefile that obeys to CFLAGS but not CPPFLAGS. Not sure what we
> can do about these except slowly figuring out that they need fixing.

Looking into generic packages which are the most likely to have
differences because of custom Makefiles the general majority don't seem
to understand CPPFLAGS, so other than doing
SOMETHING="$(TARGET_CPPFLAGS) $(TARGET_CFLAGS)" there doesn't seem to be
much to do about it.
We could define a TARGET_GENERIC_CFLAGS == TARGET_CPPFLAGS +
TARGET_CFLAGS (like now) or something like that and make those package
use that, after all it's the auto* packages that have issues with that.
On the other hand it's a nice opportunity for some miscellaneous
cleanups like using $(INSTALL) instead of install, removing redundant
*_SOURCE definitions and stuff like that.
Regards.

[Buildroot] [PATCH 1/6] package infra: remove CPPFLAGS from CFLAGS

[Arnout Vandecappelle]

On 14/05/13 00:09, Gustavo Zacarias wrote:
> On 05/13/2013 03:20 PM, Thomas Petazzoni wrote:
>> I believe there should be first an audit of where TARGET_CFLAGS is
>> used. Then, wherever needed, fixes to ensure both TARGET_CFLAGS and
>> TARGET_CPPFLAGS are used (or, if possible, usage of
>> TARGET_CONFIGURE_OPTS). Once those fixes are made, your patch that
>> separates TARGET_CPPFLAGS from TARGET_CFLAGS can go in.
>>
>> A quick "grep TARGET_CFLAGS" in package/ gives 110 packages using it.
>> In most cases, it's probably $(TARGET_CONFIGURE_OPTS) being passed +
>> CFLAGS="$(TARGET_CFLAGS) -bleh", which is already correct seems
>> CPPFLAGS is passed. But of course there might be packages that use a
>> custom Makefile that obeys to CFLAGS but not CPPFLAGS. Not sure what we
>> can do about these except slowly figuring out that they need fixing.
>
> Looking into generic packages which are the most likely to have
> differences because of custom Makefiles the general majority don't seem
> to understand CPPFLAGS, so other than doing
> SOMETHING="$(TARGET_CPPFLAGS) $(TARGET_CFLAGS)" there doesn't seem to be
> much to do about it.
> We could define a TARGET_GENERIC_CFLAGS == TARGET_CPPFLAGS +
> TARGET_CFLAGS (like now) or something like that and make those package
> use that, after all it's the auto* packages that have issues with that.
> On the other hand it's a nice opportunity for some miscellaneous
> cleanups like using $(INSTALL) instead of install, removing redundant
> *_SOURCE definitions and stuff like that.
> Regards.

  TARGET_CPPFLAGS is _only_ used to set the largefile defines. So I think 
it's much easier to leave it out entirely, and pass those defines in 
CFLAGS. There may be one or two packages that break because they rely on 
correct CPPFLAGS, but for these we can send the largefile defines explicitly.

  So:

TARGET_LARGEFILE_CFLAGS = -D_LARGEFILE_SOURCE ...

TARGET_CFLAGS = $(TARGET_LARGEFILE_CFLAGS) ...

Remove the CPPFLAGS="$(TARGET_CPPFLAGS)" from TARGET_CONFIGURE_OPTS

Fixup the packages that use TARGET_CPPFLAGS


  HOST_CPPFLAGS is another story. It contains -I$(HOST_DIR)/usr/include. 
But that one _will_ trigger build failures if it is not passed correctly, 
so there Gustavo's patch is safe.

  Regards,
  Arnout


-- 
Arnout Vandecappelle                          arnout at mind be
Senior Embedded Software Architect            +32-16-286500
Essensium/Mind                                http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7CB5 E4CC 6C2E EFD4 6E3D A754 F963 ECAB 2450 2F1F

[Buildroot] [PATCH 1/6] package infra: remove CPPFLAGS from CFLAGS

[Thomas Petazzoni]

Dear Arnout Vandecappelle,

On Tue, 14 May 2013 01:02:45 +0200, Arnout Vandecappelle wrote:

>   TARGET_CPPFLAGS is _only_ used to set the largefile defines. So I think 
> it's much easier to leave it out entirely, and pass those defines in 
> CFLAGS. There may be one or two packages that break because they rely on 
> correct CPPFLAGS, but for these we can send the largefile defines explicitly.
> 
>   So:
> 
> TARGET_LARGEFILE_CFLAGS = -D_LARGEFILE_SOURCE ...
> 
> TARGET_CFLAGS = $(TARGET_LARGEFILE_CFLAGS) ...
> 
> Remove the CPPFLAGS="$(TARGET_CPPFLAGS)" from TARGET_CONFIGURE_OPTS

No, that's precisely the problem Gustavo had: newer autotools version
do *NOT* want to have -D_BLABLA in CFLAGS, they only accept it in
CPPFLAGS.

See the original patch from Gustavo:

"""
CPPFLAGS don't belong in CFLAGS, and newer autoconf versions just error
out when it's used that way.
"""

So the whole purpose of the discussion is precisely that we can't any
longer pass the -D_LARGEFILE_SOURCE in TARGET_CFLAGS :)

Best regards,

Thomas
-- 
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com

[Buildroot] [PATCH 1/6] package infra: remove CPPFLAGS from CFLAGS

[Arnout Vandecappelle]

On 14/05/13 09:17, Thomas Petazzoni wrote:
> Dear Arnout Vandecappelle,
>
> On Tue, 14 May 2013 01:02:45 +0200, Arnout Vandecappelle wrote:
>
>>    TARGET_CPPFLAGS is _only_ used to set the largefile defines. So I think
>> it's much easier to leave it out entirely, and pass those defines in
>> CFLAGS. There may be one or two packages that break because they rely on
>> correct CPPFLAGS, but for these we can send the largefile defines explicitly.
>>
>>    So:
>>
>> TARGET_LARGEFILE_CFLAGS = -D_LARGEFILE_SOURCE ...
>>
>> TARGET_CFLAGS = $(TARGET_LARGEFILE_CFLAGS) ...
>>
>> Remove the CPPFLAGS="$(TARGET_CPPFLAGS)" from TARGET_CONFIGURE_OPTS
>
> No, that's precisely the problem Gustavo had: newer autotools version
> do *NOT* want to have -D_BLABLA in CFLAGS, they only accept it in
> CPPFLAGS.
>
> See the original patch from Gustavo:
>
> """
> CPPFLAGS don't belong in CFLAGS, and newer autoconf versions just error
> out when it's used that way.
> """
>
> So the whole purpose of the discussion is precisely that we can't any
> longer pass the -D_LARGEFILE_SOURCE in TARGET_CFLAGS :)

  Okay my bad. I thought the issue was that CPPFLAGS were duplicated in 
CFLAGS.

  Regards,
  Arnout


-- 
Arnout Vandecappelle                          arnout at mind be
Senior Embedded Software Architect            +32-16-286500
Essensium/Mind                                http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7CB5 E4CC 6C2E EFD4 6E3D A754 F963 ECAB 2450 2F1F

[Buildroot] [PATCH 4/6] libcurl: bump to version 7.30.0

[Arnout Vandecappelle]

On 13/05/13 18:40, Gustavo Zacarias wrote:
> And add support for other SSL backends such as gnutls, nss and polarssl.
> Also add support for libidn and zlib.
>
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
[snip]
> diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk
> index f0236d9..39eef10 100644
> --- a/package/libcurl/libcurl.mk
> +++ b/package/libcurl/libcurl.mk
> @@ -4,9 +4,12 @@
>   #
>   #############################################################
>
> -LIBCURL_VERSION = 7.28.1
> +LIBCURL_VERSION = 7.30.0
>   LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.bz2
>   LIBCURL_SITE = http://curl.haxx.se/download
> +LIBCURL_DEPENDENCIES = host-pkgconf \
> +	$(if $(BR2_PACKAGE_ZLIB),zlib) \
> +	$(if $(BR2_PACKAGE_LIBIDN),libidn)
>   LIBCURL_LICENSE = ICS
>   LIBCURL_LICENSE_FILES = COPYING
>   LIBCURL_INSTALL_STAGING = YES
> @@ -15,23 +18,34 @@ LIBCURL_INSTALL_STAGING = YES
>   # on non-MMU platforms. Moreover, this authentication method is
>   # probably almost never used. See
>   # http://curl.haxx.se/docs/manpage.html#--ntlm.
> -LIBCURL_CONF_OPT = --disable-verbose --disable-manual \
> -	--enable-hidden-symbols --disable-ntlm-wb
> +LIBCURL_CONF_OPT = --disable-verbose --disable-manual --disable-ntlm-wb \
> +	--enable-hidden-symbols --with-random=/dev/urandom

  Is the --with-random now needed without ssl as well?

>   LIBCURL_CONFIG_SCRIPTS = curl-config
>
>   ifeq ($(BR2_PACKAGE_OPENSSL),y)
> -LIBCURL_DEPENDENCIES += openssl
>   LIBCURL_CONF_ENV += ac_cv_lib_crypto_CRYPTO_lock=yes
>   # configure adds the cross openssl dir to LD_LIBRARY_PATH which screws up
>   # native stuff during the rest of configure when target == host.
>   # Fix it by setting LD_LIBRARY_PATH to something sensible so those libs
>   # are found first.
> +LIBCURL_DEPENDENCIES += openssl

  Moving this a couple of lines down is not necessary...

>   LIBCURL_CONF_ENV += LD_LIBRARY_PATH=$$LD_LIBRARY_PATH:/lib:/usr/lib
>   LIBCURL_CONF_OPT += --with-ssl=$(STAGING_DIR)/usr \
> -	--with-random=/dev/urandom \
>   	--with-ca-path=/etc/ssl/certs
> +LIBCURL_DEPENDENCIES += openssl

  ... and duplicating it certainly isn't!

> +else ifeq ($(BR2_PACKAGE_GNUTLS),y)
> +LIBCURL_CONF_OPT += --with-gnutls=$(STAGING_DIR)/usr

  No need for ca-path? (Same for the others.)

  Regards,
  Arnout

> +LIBCURL_DEPENDENCIES += gnutls
> +else ifeq ($(BR2_PACKAGE_POLARSSL),y)
> +LIBCURL_CONF_OPT += --with-polarssl=$(STAGING_DIR)/usr
> +LIBCURL_DEPENDENCIES += polarssl
> +else ifeq ($(BR2_PACKAGE_LIBNSS),y)
> +LIBCURL_CONF_OPT += --with-nss=$(STAGING_DIR)/usr
> +LIBCURL_CONF_ENV += CPPFLAGS="$(TARGET_CPPFLAGS) `$(PKG_CONFIG_HOST_BINARY) nspr nss --cflags`"
> +LIBCURL_DEPENDENCIES += libnss
>   else
> -LIBCURL_CONF_OPT += --without-ssl
> +LIBCURL_CONF_OPT += --without-ssl --without-gnutls \
> +	--without-polarssl --without-nss
>   endif
>
>   define LIBCURL_FIX_DOT_PC
>


-- 
Arnout Vandecappelle                          arnout at mind be
Senior Embedded Software Architect            +32-16-286500
Essensium/Mind                                http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7CB5 E4CC 6C2E EFD4 6E3D A754 F963 ECAB 2450 2F1F

[Buildroot] [PATCH 6/6] gnutls: bump to version 3.2.0

[Arnout Vandecappelle]

On 13/05/13 18:40, Gustavo Zacarias wrote:
> Signed-off-by: Gustavo Zacarias<gustavo@zacarias.com.ar>
> ---
>   package/gnutls/Config.in                           | 15 ++++++
>   ...gnutls-correct_rpl_gettimeofday_signature.patch | 58 ----------------------
>   package/gnutls/gnutls.mk                           | 29 ++++++++---
>   3 files changed, 38 insertions(+), 64 deletions(-)
>   delete mode 100644 package/gnutls/gnutls-correct_rpl_gettimeofday_signature.patch
>
> diff --git a/package/gnutls/Config.in b/package/gnutls/Config.in
> index 038b3fb..6c741a6 100644
> --- a/package/gnutls/Config.in
> +++ b/package/gnutls/Config.in
> @@ -1,6 +1,7 @@
>   config BR2_PACKAGE_GNUTLS
>   	bool "gnutls"
>   	select BR2_PACKAGE_NETTLE
> +	select BR2_PACKAGE_PCRE
>   	depends on BR2_USE_WCHAR
>   	help
>   	  GnuTLS is a secure communications library implementing the SSL
> @@ -8,6 +9,20 @@ config BR2_PACKAGE_GNUTLS
>
>   	http://www.gnutls.org
>
> +config BR2_PACKAGE_GNUTLS_PKCS11
> +	bool "PKCS#11 support"
> +	depends on !BR2_PREFER_STATIC_LIB
> +	depends on BR2_USE_MMU
> +	depends on BR2_PACKAGE_GNUTLS
> +	depends on BR2_TOOLCHAIN_HAS_THREADS
> +	select BR2_PACKAGE_LIBTASN1
> +	select BR2_PACKAGE_P11_KIT
> +	help
> +	  Enable PKCS#11 support in gnutls.
> +
> +comment "gnutls pkcs#11 support requires a toolchain with thread support"
> +	depends on BR2_PACKAGE_GNUTLS && !BR2_TOOLCHAIN_HAS_THREADS
> +

  Any reason why you want to add this config symbol, instead of just 
checking for BR2_PACKAGE_P11_KIT in the .mk file?

  Regards,
  Arnout

-- 
Arnout Vandecappelle                          arnout at mind be
Senior Embedded Software Architect            +32-16-286500
Essensium/Mind                                http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7CB5 E4CC 6C2E EFD4 6E3D A754 F963 ECAB 2450 2F1F

[Buildroot] [PATCH 4/6] libcurl: bump to version 7.30.0

[Gustavo Zacarias]

On 05/14/2013 07:32 PM, Arnout Vandecappelle wrote:
>  Is the --with-random now needed without ssl as well?

It's needed for all the SSL implementations and it doesn't hurt if
there's none.
So it's there to avoid duplication.

>> +LIBCURL_DEPENDENCIES += openssl
> 
>  ... and duplicating it certainly isn't!

Ouch! I'll fix it.

>  No need for ca-path? (Same for the others.)

Just for openssl, and it errors for any other option, isn't that nice? :)
Thanks.
Regards.

[Buildroot] [PATCH 6/6] gnutls: bump to version 3.2.0

[Gustavo Zacarias]

On 05/14/2013 07:36 PM, Arnout Vandecappelle wrote:
>  Any reason why you want to add this config symbol, instead of just
> checking for BR2_PACKAGE_P11_KIT in the .mk file?

Other than it's usually an obscure option (probably not easy to infer
for people), not really.
Regards.

[Buildroot] Config options for optional dependencies [was: [PATCH 6/6] gnutls: bump to version 3.2.0]

[Arnout Vandecappelle]

On 15/05/13 00:49, Gustavo Zacarias wrote:
> On 05/14/2013 07:36 PM, Arnout Vandecappelle wrote:
>>   Any reason why you want to add this config symbol, instead of just
>> checking for BR2_PACKAGE_P11_KIT in the .mk file?
>
> Other than it's usually an obscure option (probably not easy to infer
> for people), not really.

  I think it is time that we formalize a bit the rules for optional 
dependencies.

  To be honest, I would prefer explicit config options for optional 
dependencies, because it's not easy for users to realize they can select 
the additional library. However, that buts an unrealistic (maintenance) 
overhead on the Config.in files.

  So as a second-best option, I would say that the optional dependencies 
should be mentioned in the package help text. It's still not easy on the 
user, because s/he needs to know how to read the help text and how to 
search for the relevant package. It's also still a bit of a maintenance 
burden because the help text has to be updated when optional dependencies 
are added/removed. But I guess it's a reasonable compromise.

  With that, I think our informal guideline of adding config options only 
for obscure libraries becomes less of a necessity, and we can make it a 
rule to never add config options for optional dependencies.

  What do you think?

  Regards,
  Arnout

-- 
Arnout Vandecappelle                          arnout at mind be
Senior Embedded Software Architect            +32-16-286500
Essensium/Mind                                http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7CB5 E4CC 6C2E EFD4 6E3D A754 F963 ECAB 2450 2F1F

[Buildroot] Config options for optional dependencies [was: [PATCH 6/6] gnutls: bump to version 3.2.0]

[Thomas Petazzoni]

Dear Arnout Vandecappelle,

On Thu, 16 May 2013 08:17:43 +0200, Arnout Vandecappelle wrote:

>   I think it is time that we formalize a bit the rules for optional 
> dependencies.
> 
>   To be honest, I would prefer explicit config options for optional 
> dependencies, because it's not easy for users to realize they can select 
> the additional library. However, that buts an unrealistic (maintenance) 
> overhead on the Config.in files.
> 
>   So as a second-best option, I would say that the optional dependencies 
> should be mentioned in the package help text. It's still not easy on the 
> user, because s/he needs to know how to read the help text and how to 
> search for the relevant package. It's also still a bit of a maintenance 
> burden because the help text has to be updated when optional dependencies 
> are added/removed. But I guess it's a reasonable compromise.

Is this really useful? Isn't the <package>.mk file already explicit
enough about this? I'm pretty sure help texts will get out of sync, and
I'm not sure there's really a point in duplicating the information that
the <package>.mk already provides.

>   With that, I think our informal guideline of adding config options only 
> for obscure libraries becomes less of a necessity, and we can make it a 
> rule to never add config options for optional dependencies.
> 
>   What do you think?

Hum, I'm not sure to understand the current informal guideline as
"adding config options only for obscure libraries".

For features of the package that are not related to a dependency
(enabling debugging, or some other completely internal feature), there
is no other choice than adding a config option.

When there is a dependency, I guess the current rule is a matter of
appreciating whether or not it sounds logical to automatically enable
SSL support when OpenSSL is available, or whether having library foo in
the system immediately indicates that you want support for foo
everywhere. I'm not sure there is a way of having a solution that suits
all cases, without examining each specific case, and having an
appreciation of which choice makes the most sense.

For example, even enabling SSL automatically when OpenSSL is available
is something that could be discussed. It's not because I need SSL for
OpenSSH that I necessarily want my lighttpd web server to gain SSL
support (well, ok, granted, in this specific case, lighttpd has a
sub-option to enable or disable SSL support...). But it makes sense to
have this automatic, and leave it as a user customization if really
it's very important to disable SSL support on a per-package basis.

The drawback of the current solution, is that it is causing some
confusion on what should be done, and how to appreciate the border-line
cases. I unfortunately don't have much ideas here to improve this
situation.

Best regards,

Thomas
-- 
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com

[Buildroot] [PATCH 3/6] libnss: bump to version 3.14.3

[Peter Korsgaard]

>>>>> "Gustavo" == Gustavo Zacarias <gustavo@zacarias.com.ar> writes:

 Gustavo> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>

Committed to next, thanks.

-- 
Bye, Peter Korsgaard