Commit Graph

93 Commits

Author SHA1 Message Date
Gustavo Zacarias
6fdb2b109b gnutls: security bump to version 3.5.10
Fixes:
GNUTLS-SA-2017-3A - Addressed integer overflow resulting in invalid
memory write in OpenPGP certificate parsing.
GNUTLS-SA-2017-3B - Addressed crashes in OpenPGP certificate parsing,
related to private key parser. No longer allow OpenPGP certificates
(public keys) to contain private key sub-packets.
GNUTLS-SA-2017-3C - Addressed large allocation in OpenPGP certificate
parsing, that could lead to an out-of-memory condition.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-03-06 17:45:23 +01:00
Peter Korsgaard
743f5076df gnutls: bump version to 3.5.9
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-14 11:22:13 +01:00
Gustavo Zacarias
9b347c4acd gnutls: security bump to version 3.5.8
The 3.5.x has been promoted to stable, hence 3.4.x is deprecated and
3.3.x kept as old-stable.

libdane now specifies LGPLv2.1+ so drop the README kludge (which is also
gone regarding licensing).

libunistring is a new dependency, even though gnutls ships a builtin version
we prefer to use unbundled to avoid duplication with other users and target
size growth.

Fixes:

GNUTLS-SA-2017-01 - It was found using the OSS-FUZZ fuzzer
infrastructure that decoding a specially crafted X.509 certificate with
Proxy Certificate Information extension present could lead to a double
free.
GNUTLS-SA-2017-02 - It was found using the OSS-FUZZ fuzzer
infrastructure that decoding a specially crafted OpenPGP certificate
could lead to heap and stack overflows.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-09 16:39:50 +01:00
Gustavo Zacarias
455487dbd1 gnutls: bump to version 3.4.17
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-09 18:11:24 +01:00
Gustavo Zacarias
881b7bd31e gnutls: bump to version 3.4.16
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-10-13 08:05:51 +02:00
Gustavo Zacarias
fc56a9ea3f gnutls: bump to version 3.4.15
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-09-08 19:47:05 +02:00
Gustavo Zacarias
6606dde1d5 gnutls: security bump to version 3.4.14
Fixes:
GNUTLS-SA-2016-2 - vulnerability that affects certificate verification
when GnuTLS is used in combination with the p11-kit trust module.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-07-14 12:53:28 +02:00
Rahul Bedarkar
f2844807a7 gnutls: update legal info
GnuTLS core library is licensed under LGPLv2.1+ while gnutls-openssl
library is licensed under GPLv3+. Annotate the license with components.

Reviewed-by: Marcin Nowakowski <marcin.nowakowski@imgtec.com>
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
[Thomas:
 - add comment about the license of the "core library" since some files
   seem to be mistakenly under LGPLv3+ even though the library is
   licensed under LGPLv2.1+.
 - add the README file in the license information, since it contains a
   lot of useful details.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-07-05 00:10:05 +02:00
Gustavo Zacarias
57bb2d730b gnutls: bump to version 3.4.13
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-07 13:10:52 +02:00
Gustavo Zacarias
f8799db790 gnutls: bump to version 3.4.12
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-05-22 21:35:39 +02:00
Gustavo Zacarias
41fef2ce8d gnutls: bump to version 3.4.11
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-04-13 21:40:08 +02:00
Gustavo Zacarias
726f8f2f40 gnutls: bump to version 3.4.10
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-03-03 15:00:43 +01:00
Gustavo Zacarias
be8ae9330b gnutls: bump to version 3.4.9
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-02-03 23:16:25 +01:00
Gustavo Zacarias
9bff092e29 gnutls: bump to version 3.4.8
Patch now upstream, so drop it along autoreconf and gettextize.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-01-08 18:30:23 +01:00
Gustavo Zacarias
cb2334b926 gnutls: fix --disable-crywrap
Add a patch to really enable the --disable-crywrap option in gnutls.
Fixes:
http://autobuild.buildroot.org/results/d86/d8604fe448bb11395e8443726d09b041eb34c6d5/

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-12-16 09:35:01 +01:00
Gustavo Zacarias
b80e4aa627 gnutls: comma separate licenses
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-12-15 22:04:28 +01:00
Gustavo Zacarias
869a4c6fea gnutls: remove manual tools disabling kludge
It's no longer required, tools are guarded by ENABLE_TOOLS in
Makefile.am and excluded accordingly.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-12-15 21:51:13 +01:00
Gustavo Zacarias
5aca274c7b gnutls: remove manual doc disabling kludge
It's no longer required, SUBDIRS += doc is guarded by ENABLE_DOC in
Makefile.am and the only place where it's used regardless is in
dist-hook which isn't used by buildroot.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-12-15 21:51:00 +01:00
Gustavo Zacarias
b87242316b gnutls: re-enable gnutls-openssl compat library
This was disabled in the 3.4.x branch by default and is required by
inadyn, fixes:
http://autobuild.buildroot.net/results/51f/51f7e9275c2d23952c7558a126a8843d5476e4b1/

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-12-10 21:57:41 +01:00
Gustavo Zacarias
e6e90c7017 gnutls: needs argp-standalone for musl/uclibc
It's required for crywrap (tools), fixes:
http://autobuild.buildroot.net/results/2d9/2d98fced7ff7c3b5c39a97eb1c8db7dd651fa86c/

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-12-04 21:38:03 +01:00
Gustavo Zacarias
01e3d2eff1 gnutls: bump to version 3.4.7
The 3.4 series has been promoted to stable.
Handle autodeps more concisely (idn, p11-kit, zlib).
libtasn1 is now mandatory, since otherwise gnutls uses the bundled
version it makes no sense to try that because of target duplication.
Disable tpm support since we've got no trousers package.
Disable libdane support since we've got no dane package.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-12-01 17:52:28 +01:00
Gustavo Zacarias
5517c1b27f gnutls: bump to version 3.3.19
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-11-23 18:35:48 +01:00
Gustavo Zacarias
d36ed1a7b8 gnutls: bump to version 3.3.18
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-09-13 20:01:22 +02:00
Gustavo Zacarias
7c8c18a616 gnutls: security bump to version 3.3.17.1
Fixes GNUTLS-SA-2015-3 - Double free in certificate DN decoding.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-08-18 13:07:52 +02:00
Gustavo Zacarias
adddac4558 gnutls: bump to version 3.3.16
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-07-13 17:08:03 +02:00
Gustavo Zacarias
c1b0a0dc56 gnutls: security bump to version 3.3.15
Fixes:
GNUTLS-SA-2015-2 - Fix for MD5 downgrade in TLS 1.2 signatures.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-05-04 14:35:21 +02:00
Gustavo Zacarias
79ce08bbdc packages: remove non-IPv6 dependencies and tweaks
Now that IPv6 is mandatory remove package dependencies and conditionals
for it.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-04-22 23:06:35 +02:00
Jerzy Grzegorek
bd8c733fb4 packages: indentation cleanup
This commit doesn't touch infra packages.

Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-03-31 13:57:41 +02:00
Gustavo Zacarias
552399dbf6 gnutls: security bump to version 3.3.14
Fixes a two-byte stack overflow in DTLS 0.9 protocol (no CVE assigned
yet).

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-03-30 17:57:49 +02:00
Peter Korsgaard
7403ea730d Merge branch 'next'
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-03-02 23:26:20 +01:00
Gustavo Zacarias
681a90f746 gnutls: bump to version 3.3.13
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-26 22:24:24 +01:00
Thomas Petazzoni
b34c63375a gnutls: make sure librt detection doesn't poison the linker flags
Just like we're passing --with-libpthread-prefix, we also need to pass
--with-librt-prefix in order to avoid having the gnutls build system
detect the librt in /usr/lib, and pass -L/usr/lib to the linker flags.

Fixes:

  http://autobuild.buildroot.org/results/fa5/fa58602cb78ffe3ae4ee389ef5cf5a37b7657c4c/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-02-17 13:58:22 +01:00
Gustavo Zacarias
becc095282 gnutls: bump to version 3.3.12
This is the new stable, so switch to it.
Still no dice with nettle 3.0, see:
http://lists.gnutls.org/pipermail/gnutls-devel/2014-June/006977.html
and nettle upstream:
http://lists.lysator.liu.se/pipermail/nettle-bugs/2014/003129.html

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-01-20 00:41:55 +01:00
Gustavo Zacarias
733700cff7 gnutls: bump to version 3.2.21
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-12-11 19:49:38 +01:00
Gustavo Zacarias
caf2b2ba6b gnutls: security bump to version 3.2.20
Fixes:
CVE-2014-8564 / GNUTLS-SA-2014-5 - Sean Burford reported that the
encoding of elliptic curves parameters in GnuTLS 3 is vulnerable to a
denial of service (heap corruption). It affects clients and servers
which print information about the peer's certificate, e.g., the key ID,
and can be exploited via a specially crafted X.509 certificate.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-11-10 14:13:49 +01:00
Gustavo Zacarias
8465d7ecfc gnutls: bump to version 3.2.19
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-10-14 17:27:45 +02:00
Thomas De Schampheleire
aaffd209fa packages: rename FOO_CONF_OPT into FOO_CONF_OPTS
To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_CONF_OPT.

Sed command used:
   find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g'

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-04 18:54:16 +02:00
Gustavo Zacarias
2e849bd9b6 gnutls: bump to version 3.2.18
Also add hash, calculated on downloaded file after verifying signature.

[Peter: tweak hash comment]
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-09-18 22:02:09 +02:00
Gustavo Zacarias
6b8f4e4603 gnutls: bump to version 3.2.16
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-07-23 21:52:26 +02:00
Gustavo Zacarias
5c3f0ce05d gnutls: security bump to version 3.2.15
Fixes GNUTLS-SA-2014-3 (CVE-2014-3466).

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-05-30 22:48:40 +02:00
Gustavo Zacarias
6ef3999f8c gnutls: bump to version 3.2.14
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-05-08 21:18:59 +02:00
Gustavo Zacarias
d996fe44d3 gnutls: bump to version 3.2.13
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-04-08 14:20:09 +02:00
Gustavo Zacarias
310db15519 gnutls: security bump to version 3.2.12
Fixes CVE-2014-1959 / GNUTLS-SA-2014-1 and CVE-2014-0092 / GNUTLS-SA-2014.2

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-03-04 19:38:55 +01:00
Antoine Pierlot-Garcin
dcd0b3cc7b gnutls: fix libz autodetection failure
The configure script finds libz in the distribution libraries, which causes
zlib support to be dropped from the cross-compiled GnuTLS.

Signed-off-by: Antoine Pierlot-Garcin <antoine@bokbox.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-02-04 18:09:14 +01:00
Gustavo Zacarias
d9b79b7f50 gnutls: bump to version 3.2.10
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-02-04 09:46:57 +01:00
Arnout Vandecappelle (Essensium/Mind)
1bb77c7578 gnutls: bump to 3.2.9
gnutls-01-gettime.patch was applied upstream, AUTORECONF is no longer
necessary.

The GNUTLS_LIBREGEX_CHECK_FIX didn't actually work before, because it was
overwritten by the autoreconf. It looks like things still work without
regex. However, this patch reinstates the regex support by setting
libopts_cv_with_libregex=yes in the environment.

Fixes http://autobuild.buildroot.net/results/b22/b22f2caa79f371c625939b65a88a2073382c5288
(failure in libvncserver) because gnutls.so is now properly linked with -lrt.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-02-01 12:07:24 +01:00
Gustavo Zacarias
77ab76b2e9 gnutls: add crywrap clock_gettime patch
Fixes:
http://autobuild.buildroot.net/results/1bd/1bd67b616e996d684dd584576569517f4653addd/

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2013-12-26 18:43:38 +01:00
Thomas Petazzoni
87815fc695 gnutls: fix libopts detection causing build failures
Following the recent bump of gnutls to version 3.2.8, the build
started to fail on some machines where libopts is installed on the
system: gnutls configure script was incorrectly assuming that libopts
was available.

Since we don't have a package in Buildroot, this commit tells gnutls
to use its builtin libopts version.

Fixes (tested on gcc20):

  http://autobuild.buildroot.org/results/18f/18f61b3be6aed73f83b449b5082492a4a6ba8ffb/build-end.log

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2013-12-25 17:14:44 +01:00
Thomas De Schampheleire
35eaed8d07 Config.in files: use if/endif instead of 'depends on' for main symbol
In the Config.in file of package foo, it often happens that there are other
symbols besides BR2_PACKAGE_FOO. Typically, these symbols only make sense
when foo itself is enabled. There are two ways to express this: with
    depends on BR2_PACKAGE_FOO
in each extra symbol, or with
    if BR2_PACKAGE_FOO
        ...
    endif
around the entire set of extra symbols.

The if/endif approach avoids the repetition of 'depends on' statements on
multiple symbols, so this is clearly preferred. But even when there is only
one extra symbol, if/endif is a more logical choice:
- it is future-proof for when extra symbols are added
- it allows having just one strategy instead of two (less confusion)

This patch modifies the Config.in files accordingly.

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2013-12-25 12:21:39 +01:00
Gustavo Zacarias
da30463346 gnutls: bump to version 3.2.8
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2013-12-25 10:12:51 +01:00