Fixes:
CVE-2015-1606: Use after free, resulting from failure to skip invalid packets
CVE-2015-1607: memcpy with overlapping ranges, resulting from incorrect
bitwise left shifts
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_CONF_OPT.
Sed command used:
find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g'
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

The gnupg2 configure script checks whether <stdint.h> complies with
C99. When doing this, it expects a number of WCHAR_* definitions to be
present, which is not the case on non-wchar capable toolchains. The
gnupg2 configure script then concludes that <stdint.h> is not
C99-compliant and generates its own, which causes some build failures
related to intmax_t not being defined.
Since wchar is not actually used in gnupg2, this commit fixes this
problem by forcing gnupg2 to think that our <stdint.h> is
C99-compliant.
Fixes:
http://autobuild.buildroot.org/results/40f/40fff3bc304e1a83524f28be8f6afc2e217281ad/
And lots of similar issues. Thanks a lot to Romain Naour for the
initial investigation and lots of discussion on IRC about this issue.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Romain Naour <romain.naour@openwide.fr>

This is to improve build reproducibility.
[Thomas: add --with-readline and --without-readline options to
explicitly enable/disable readline usage.]
Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

This is to improve build reproducibility.
[Thomas: add --enable-bzip2 --with-bzip options.]
Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

gnupg2 needs a toolchain with locale support or a package which provides
a suitable iconv implementation (libiconv). Otherwise it will fail at
the configure phase with an error like this one:
*** It is now required to build with support for iconv
*** Please install a suitable iconv implementation.
Fixes:
http://autobuild.buildroot.net/results/8c9/8c93c28533dfebffa8b2e34b1421d3fa3cdeb278/
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Reviewed-by: Markos Chandras <Markos.Chandras@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

Fixes CVE-2014-4617 (The do_uncompress function in g10/compress.c
allows context-dependent attackers to cause a denial of service
(infinite loop) via malformed compressed packets, as demonstrated by an
a3 01 5b ff byte sequence).
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

[Thomas: use libpthsem instead of pth, remove !uclibc dependency,
minor formatting fixes in the .mk file.]
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Reviewed-by: Markos Chandras <Markos.Chandras@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>