Fixes the following security issues:
CVE-2018-16151: The OID parser in the ASN.1 code in gmp allows any number of
random bytes after a valid OID.
CVE-2018-16152: The algorithmIdentifier parser in the ASN.1 code in gmp
doesn't enforce a NULL value for the optional parameter which is not used
with any PKCS#1 algorithm.
For more details, see the advisory:
https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5e04cdde197f17472a85423f4063b8f6ee19a82c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2018-12543. If a message is sent to Mosquitto with a topic that
begins with $, but is not $SYS, then an assert that should be unreachable is
triggered and Mosquitto will exit.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5e62304359d150b6befa4bab4030ead09bcfdfdf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Removed patch 0001, applied upstream.
Replaced patch 0002 with a more generic solution as patch 0001.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f5336412d54397f35daa09c4f9eab952afadd3fe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
>From the release notes
(http://ftp.isc.org/isc/bind9/9.11.4-P2/RELEASE-NOTES-bind-9.11.4-P2.txt):
* There was a long-existing flaw in the documentation for ms-self,
krb5-self, ms-subdomain, and krb5-subdomain rules in update-policy
statements. Though the policies worked as intended, operators who
configured their servers according to the misleading documentation may
have thought zone updates were more restricted than they were; users of
these rule types are advised to review the documentation and correct
their configurations if necessary. New rule types matching the
previously documented behavior will be introduced in a future maintenance
release. [GL !708]
* named could crash during recursive processing of DNAME records when
deny-answer-aliases was in use. This flaw is disclosed in CVE-2018-5740.
[GL #387]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 63eb34fa121c4e7448dd5ec25491ed742a7ca262)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
>From the release notes
(http://ftp.isc.org/isc/bind9/9.11.4-P2/RELEASE-NOTES-bind-9.11.4-P2.txt):
* There was a long-existing flaw in the documentation for ms-self,
krb5-self, ms-subdomain, and krb5-subdomain rules in update-policy
statements. Though the policies worked as intended, operators who
configured their servers according to the misleading documentation may
have thought zone updates were more restricted than they were; users of
these rule types are advised to review the documentation and correct
their configurations if necessary. New rule types matching the
previously documented behavior will be introduced in a future maintenance
release. [GL !708]
* named could crash during recursive processing of DNAME records when
deny-answer-aliases was in use. This flaw is disclosed in CVE-2018-5740.
[GL #387]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 63eb34fa121c4e7448dd5ec25491ed742a7ca262)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Ghostscript 9.24 changed the internal lcms2 version:
https://www.ghostscript.com/doc/9.24/News.htm
With this change the directory name was also changed which broke our
code to force the usage of the buildroot lcms2 package.
Fixes
http://autobuild.buildroot.net/results/d04/d04ad017bf06a442a7397f935959994ba72824e1/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d5f83cfc885c4a9ea6d35d38b7d5a8eaf725aee2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2018-16543: In Artifex Ghostscript before 9.24, gssetresolution and
gsgetresolution allow attackers to have an unspecified impact
- CVE-2018-17183: Artifex Ghostscript before 9.25 allowed a user-writable
error exception table, which could be used by remote attackers able to
supply crafted PostScript to potentially overwrite or replace error
handlers to inject code.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b054797ecafec2b4b8945ad654242133749bf653)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Delete lcsm2art directory to use the buildroot lcms2 library
Fixes:
- http://autobuild.buildroot.net/results/cda9c22bf29278cc24ab852094df19b773d0f151
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b0bf1f5888eac726368c264c588ad5be33421efd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Ghostscript 9.24 changed the internal lcms2 version:
https://www.ghostscript.com/doc/9.24/News.htm
With this change the directory name was also changed which broke our
code to force the usage of the buildroot lcms2 package.
Fixes
http://autobuild.buildroot.net/results/d04/d04ad017bf06a442a7397f935959994ba72824e1/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d5f83cfc885c4a9ea6d35d38b7d5a8eaf725aee2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2018-16543: In Artifex Ghostscript before 9.24, gssetresolution and
gsgetresolution allow attackers to have an unspecified impact
- CVE-2018-17183: Artifex Ghostscript before 9.25 allowed a user-writable
error exception table, which could be used by remote attackers able to
supply crafted PostScript to potentially overwrite or replace error
handlers to inject code.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b054797ecafec2b4b8945ad654242133749bf653)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Don't display comment if BR2_USE_MMU is true
Moreover, move BR2_USE_MMU dependency at the top of dependency list
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0dbab1bb45d0eb1bf37e693b0ad9ca95831d5180)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Don't display comment if BR2_USE_MMU is true
Moreover, move BR2_USE_MMU dependency at the top of dependency list
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0dbab1bb45d0eb1bf37e693b0ad9ca95831d5180)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0a656bc0658e79f7ddc4c9734ad9c52a5df46296)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0a656bc0658e79f7ddc4c9734ad9c52a5df46296)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The libXdmcp configure script uses pkg-config, but the Buildroot
package does not depend on host-pkgconf. This is not seen by the
autobuilders most likely because another package that is always built
before libXdmcp builds pkg-config.
However, running:
$ make xlib_libXdmcp
triggers the following build failure:
checking pkg-config is at least version 0.9.0... ./configure: line 12323: /home/thomas/projets/buildroot/output/host/bin/pkg-config: No such file or directory
no
[...]
checking for XDMCP... configure: error: in `/home/thomas/projets/buildroot/output/build/xlib_libXdmcp-1.1.2':
configure: error: The pkg-config script could not be found or is too old. Make sure it
is in your PATH or set the PKG_CONFIG environment variable to the full
path to pkg-config.
This was detected using per-package target/host folders, because with
this, only the dependencies explicitly expressed by a package are
available to the package.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a517df56d641e1b3d4ce5988eb5d1747cd78a69a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The woff2 dependency is used to support Web fonts in WOFF2 format.
This is a Web-facing feature that Web sites expect WebKit to support,
and it is recommended to be unconditionally enabled. While it is
possible to disable the feature at build time, upstream only recommends
doing so if the target system cannot provide a woff2 package.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 51b3fe094a2fdcfcab649d6ddb2f23d0833e6e95)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The woff2 dependency is used to support Web fonts in WOFF2 format.
This is a Web-facing feature that Web sites expect WebKit to support,
and it is recommended to be unconditionally enabled. While it is
possible to disable the feature at build time, upstream only recommends
doing so if the target system cannot provide a woff2 package.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 51b3fe094a2fdcfcab649d6ddb2f23d0833e6e95)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add the woff2 package to Builroot. This is needed by webkitgtk from
version 2.20.0 onwards. WebKitGTK+ used to bundle a copy of the library,
but it stopped doing so now that the upstream is has been making
releases.
[Peter: fix license hash]
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 70afd4afa765183032fd0c335b6855fd02e30745)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This adds a local patch, also submitted upstream, which modifies
CMakeLists.txt to avoid the check for the unneeded C++ compiler.
Fixes:
- http://autobuild.buildroot.net/results/68e05c634e62ba4b6f6eb8dc95eeb16faa58fd60
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bfda8371d4f71f0e316497d40eb24f0e936adb58)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add the brotli package to Buildroot. This is needed by woff2, which in
turn is needed by webkitgtk from version 2.20.0 onwards. WebKitGTK+ used
to bundle a copy of the library, but it stopped doing so now that the
upstream has started making releases.
[Peter: fix license hash]
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4f634160b2a106f7e34b4bb018b34e77c8dda2a9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The configure script of xutil_makedepend uses PKG_CHECK_MODULES(), so
it should depend on host-pkgconf. Otherwise, a "make
host-xutil_makedepend" fails with:
"""
checking for X... configure: error: in `/home/thomas/projets/buildroot/output/build/host-xutil_makedepend-1.0.5':
configure: error: The pkg-config script could not be found or is too old. Make sure it
is in your PATH or set the PKG_CONFIG environment variable to the full
path to pkg-config.
Alternatively, you may set the environment variables X_CFLAGS
and X_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.
To get pkg-config, see <http://pkg-config.freedesktop.org/>.
"""
This was detected using per-package host/target directories, but can
be reproduced without it.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 73185f1270b6f86f7d02eefa8c70e568b30dd4cf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In commit 2524acd4179fccc627a72ff188bf51c95fed9867
("package/x11r7/xlib_libxshmfence: bump version to 1.3"), the patch
0001-configure.ac-call-AC_USE_SYSTEM_EXTENSIONS.patch was dropped, but
the corresponding AUTORECONF = YES was not dropped.
This causes a build issue if just xlib_libxshmfence is built (using
"make xlib_libxshmfence" or using per-package host/target directories):
>>> xlib_libxshmfence 1.3 Autoreconfiguring
configure.ac:40: error: must install xorg-macros 1.3 or later before running autoconf/autogen
configure.ac:40: the top level
This commit fixes that by dropping the no longer needed
AUTORECONF = YES.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bcf4b72def49ce82fef2582f45414594f6b8dffa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Use SPDX short identifier (Imlib2) instead of full name
- Add COPYING-PLAIN to license files
- Add hash for license files
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e29fcc14809dcd34f2bccc0fb949ee2cd46489ef)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Use SPDX short identifier (Imlib2) instead of full name
- Add COPYING-PLAIN to license files
- Add hash for license files
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e29fcc14809dcd34f2bccc0fb949ee2cd46489ef)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The old URL was not working for quite some time.
Signed-off-by: Marcel Patzlaff <m.patzlaff@pilz.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 43e7667fc82d55d0a9fdfad91375a0621efb7576)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The old URL was not working for quite some time.
Signed-off-by: Marcel Patzlaff <m.patzlaff@pilz.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 43e7667fc82d55d0a9fdfad91375a0621efb7576)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
mrouted part of igmpproxy is licensed under BSD-3-Clause so add this in
IGMPPROXY_LICENSE and add hash for license files
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c60c92861408d73e83fc819ac861f9fde962121c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
mrouted part of igmpproxy is licensed under BSD-3-Clause so add this in
IGMPPROXY_LICENSE and add hash for license files
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c60c92861408d73e83fc819ac861f9fde962121c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As specified in COPYING, examples are licensed under GPL-3.0+ and .x
files are licensed under BSD-2-Clause.
So update LIBNFS_LICENSE, add COPYING, LICENCE-BSD.txt and
LICENCE-GPL-3.txt to LIBNFS_LICENSE_FILES and add hash for all license
files
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1b486d4fa32a698ca9b454d7cfb874473009d20f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As specified in COPYING, examples are licensed under GPL-3.0+ and .x
files are licensed under BSD-2-Clause.
So update LIBNFS_LICENSE, add COPYING, LICENCE-BSD.txt and
LICENCE-GPL-3.txt to LIBNFS_LICENSE_FILES and add hash for all license
files
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1b486d4fa32a698ca9b454d7cfb874473009d20f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently libxslt configure finds native /usr/bin/xml2-config.
Signed-off-by: Ferdinand van Aartsen <ferdinand@ombud.nl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f8f8ff33472641f9192a5e1ca65ebc614821665a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently libxslt configure finds native /usr/bin/xml2-config.
Signed-off-by: Ferdinand van Aartsen <ferdinand@ombud.nl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f8f8ff33472641f9192a5e1ca65ebc614821665a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
cppcms contains embedded third party software so add
THIRD_PARTY_SOFTWARE.TXT to CPPCMS_LICENSE_FILES as well as the
additional licenses to CPPCMS_LICENSE.
Also add hash for COPYING.TXT and THIRD_PARTY_SOFTWARE.TXT
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c17310450b5e720e7ad2294f79a4655e607b22b1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
cppcms contains embedded third party software so add
THIRD_PARTY_SOFTWARE.TXT to CPPCMS_LICENSE_FILES as well as the
additional licenses to CPPCMS_LICENSE.
Also add hash for COPYING.TXT and THIRD_PARTY_SOFTWARE.TXT
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c17310450b5e720e7ad2294f79a4655e607b22b1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 78dd830f15b0c175cb8c9d2fef7f0641a8733b29)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
