[Buildroot] [PATCH] package/mksh: fix project URL in Config.in
Yann E. MORIN
yann.morin.1998 at free.fr
Fri Nov 12 19:33:54 UTC 2021
Carlos, All,
On 2021-11-12 15:59 -0300, unixmania at gmail.com spake thusly:
> From: Carlos Santos <unixmania at gmail.com>
>
> It's https://www.mirbsd.org/mksh.htm
... which does not support TLS 1.2, and so recent browsers whine about
an insecure connection, like Firefox:
Secure Connection Failed
An error occurred during a connection to www.mirbsd.org. Peer using
unsupported version of security protocol.
Error code: SSL_ERROR_UNSUPPORTED_VERSION
* The page you are trying to view cannot be shown because the
authenticity of the received data could not be verified.
* Please contact the website owners to inform them of this problem.
[Learn more…]
This website might not support the TLS 1.2 protocol, which is the
minimum version supported by Firefox. Enabling TLS 1.0 and TLS 1.1
might allow this connection to succeed.
TLS 1.0 and TLS 1.1 will be permanently disabled in a future
release.
And indeed, enabling TLS 1.0 and 1.1 allows the connection to succeed...
Too bad... :-(
And of course, we can't download it either, of course, but fortunately,
there is the fallback to s.b.o :
>>> mksh 59c Downloading
wget --passive-ftp -nd -t 3 -O '/home/ymorin/dev/buildroot/O/build/.mksh-R59c.tgz.5iZMHq/output' 'https://www.mirbsd.org/MirOS/dist/mir/mksh/mksh-R59c.tgz'
--2021-11-12 20:24:00-- https://www.mirbsd.org/MirOS/dist/mir/mksh/mksh-R59c.tgz
Resolving www.mirbsd.org (www.mirbsd.org)... 62.138.145.52, 2001:470:1f0b:76c::1
Connecting to www.mirbsd.org (www.mirbsd.org)|62.138.145.52|:443... connected.
OpenSSL: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
Unable to establish SSL connection.
wget --passive-ftp -nd -t 3 -O '/home/ymorin/dev/buildroot/O/build/.mksh-R59c.tgz.ojSduH/output' 'http://sources.buildroot.net/mksh/mksh-R59c.tgz'
--2021-11-12 20:24:01-- http://sources.buildroot.net/mksh/mksh-R59c.tgz
Resolving sources.buildroot.net (sources.buildroot.net)... 172.67.72.56, 104.26.1.37, 104.26.0.37, ...
Connecting to sources.buildroot.net (sources.buildroot.net)|172.67.72.56|:80... connected.
HTTP request sent, awaiting response... 200 OK
Meh... :-(
Should we switch over to using plain http instead? It is not much less
secure than TLS 1.0 or 1.1, for which there are known and practical
attacks, and plain http will work. Also, we do have the hashes, so we
can at least assess the integrity and authenticity of the download.
Regards,
Yann E. MORIN.
> Signed-off-by: Carlos Santos <unixmania at gmail.com>
> ---
> package/mksh/Config.in | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/package/mksh/Config.in b/package/mksh/Config.in
> index e6ccc90646..098f9840e5 100644
> --- a/package/mksh/Config.in
> +++ b/package/mksh/Config.in
> @@ -22,4 +22,4 @@ config BR2_PACKAGE_MKSH
> operating environments
> (thus including patches from pdksh on e.g. Debian).
>
> - http://mirbsd.de/mksh
> + https://www.mirbsd.org/mksh.htm
> --
> 2.27.0
>
> _______________________________________________
> buildroot mailing list
> buildroot at buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
More information about the buildroot
mailing list