Fixes:
CVE-2015-2187 - The ATN-CPDLC dissector could crash.
CVE-2015-2188 - The WCP dissector could crash.
CVE-2015-2189 - The pcapng file parser could crash.
CVE-2015-2190 - The LLDP dissector could crash.
CVE-2015-2191 - The TNEF dissector could go into an infinite loop.
CVE-2015-2192 - The SCSI OSD dissector could go into an infinite loop.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Autogenerated from rename-patch.py (http://patchwork.ozlabs.org/patch/403345)
Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2015-0559, CVE-2015-0560 - The WCCP dissector could crash.
CVE-2015-0561 - The LPP dissector could crash.
CVE-2015-0562 - The DEC DNA Routing Protocol dissector could crash.
CVE-2015-0563 - The SMTP dissector could crash.
CVE-2015-0564 - Wireshark could crash while decypting TLS/SSL sessions.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_CONF_OPT.
Sed command used:
find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g'
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
WNPA-SEC-2014-08 / CVE-2014-5161 / CVE-2014-5162
The Catapult DCT2000 and IrDA dissectors could underrun a buffer.
WNPA-SEC-2014-09 / CVE-2014-5163
The GSM Management dissector could crash.
WNPA-SEC-2014-10 / CVE-2014-5164
The RLC dissector could crash.
WNPA-SEC-2014-11 / CVE-2014-5165
The ASN.1 BER dissector could crash.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2014-4020 (The frame metadissector could crash).
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The following vulnerabilities have been fixed.
* [1]wnpa-sec-2014-01
The NFS dissector could crash. Discovered by Moshe Kaplan.
([2]Bug 9672)
Versions affected: 1.10.0 to 1.10.5, 1.8.0 to 1.8.12
[3]CVE-2014-2281
* [4]wnpa-sec-2014-02
The M3UA dissector could crash. Discovered by Laurent
Butti. ([5]Bug 9699)
Versions affected: 1.10.0 to 1.10.5
[6]CVE-2014-2282
* [7]wnpa-sec-2014-03
The RLC dissector could crash. ([8]Bug 9730)
Versions affected: 1.10.0 to 1.10.5, 1.8.0 to 1.8.12
[9]CVE-2014-2283
* [10]wnpa-sec-2014-04
The MPEG file parser could overflow a buffer. Discovered by
Wesley Neelen. ([11]Bug 9843)
Versions affected: 1.10.0 to 1.10.5, 1.8.0 to 1.8.12
[12]CVE-2014-2299
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes a couple of runtime regressions from the 1.10.4 security release.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The current stable release of Wireshark is 1.10.3. It supersedes all
previous releases. So let's upgrade to 1.10.3.
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When a package A depends on config option B and toolchain option C, then
the comment that is given when C is not fulfilled should also depend on B.
For example:
config BR2_PACKAGE_A
depends on BR2_B
depends on BR2_LARGEFILE
depends on BR2_WCHAR
comment "A needs a toolchain w/ largefile, wchar"
depends on !BR2_LARGEFILE || !BR2_WCHAR
This comment should actually be:
comment "A needs a toolchain w/ largefile, wchar"
depends on BR2_B
depends on !BR2_LARGEFILE || !BR2_WCHAR
or if possible (typically when B is a package config option declared in that
same Config.in file):
if BR2_B
comment "A needs a toolchain w/ largefile, wchar"
depends on !BR2_LARGEFILE || !BR2_WCHAR
[other config options depending on B]
endif
Otherwise, the comment would be visible even though the other dependencies
are not met.
This patch adds such missing dependencies, and changes existing such
dependencies from
depends on BR2_BASE_DEP && !BR2_TOOLCHAIN_USES_GLIBC
to
depends on BR2_BASE_DEP
depends on !BR2_TOOLCHAIN_USES_GLIBC
so that (positive) base dependencies are separate from the (negative)
toolchain dependencies. This strategy makes it easier to write such comments
(because one can simply copy the base dependency from the actual package
config option), but also avoids complex and long boolean expressions.
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(untested)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch lines up the comments in Config.in files that clarify which
toolchain options the package depends on.
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit adds a dependency of the libglib2 package on thread
support in the toolchain, since upstream libglib2 doesn't build
without thread support. The commit is rather large as it involves
propagating the dependency on thread support to all reverse
dependencies of the libglib2 package.
[Thomas: squash all patches into one, make a few minor fixes, the most
important one being to not add comments about MMU requirement when a
package doesn't work on !MMU platforms.]
Signed-off-by: Spenser Gilliland <spenser@gillilanding.com>
wireshark's libsmi detection is not cross compile friendly. We don't have
libsmi in Buildroot yet anyway, so just disable support for it in wireshark.
Fixes
http://autobuild.buildroot.net/results/0daaa3dd74315ac901920e7daf89620ef4c088a0
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
This is only the bare minimum needed to build the textual tshark utility.
Support for more options, including the wireshark GUI, can be added later.
[Peter: point includedir at staging to workaround host/target headers issue]
Cc: Stefan Fröberg <stefan.froberg@petroprogram.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Tested-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>