Commit Graph

13 Commits

Author SHA1 Message Date
Joel Carlson
96d3e5fd2f package/capnproto: bump version to 0.10.3
The 0.10 line offers minor improvements and bug fixes.

The previous security bump from 0.9.1 to 0.9.2 fixed CVE-2022-46149,
which was also present in 0.10.2, but is fixed within 0.10.3.

Signed-off-by: Joel Carlson <JoelsonCarl@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-12-29 10:04:19 +01:00
Fabrice Fontaine
040ab175df package/capnproto: security bump to version 0.9.2
Fix CVE-2022-46149: Cap'n Proto is a data interchange format and remote
procedure call (RPC) system. Cap'n Proro prior to versions 0.7.1, 0.8.1,
0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust
implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerable to
out-of-bounds read due to logic error handling list-of-list. This issue
may lead someone to remotely segfault a peer by sending it a malicious
message, if the victim performs certain actions on a list-of-pointer
type. Exfiltration of memory is possible if the victim performs
additional certain actions on a list-of-pointer type. To be vulnerable,
an application must perform a specific sequence of actions, described in
the GitHub Security Advisory. The bug is present in inlined code,
therefore the fix will require rebuilding dependent applications. Cap'n
Proto has C++ fixes available in versions 0.7.1, 0.8.1, 0.9.2, and
0.10.3.

https://github.com/capnproto/capnproto/security/advisories/GHSA-qqff-4vw4-f6hx
https://dwrensha.github.io/capnproto-rust/2022/11/30/out_of_bounds_memory_access_bug.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-12-11 14:21:44 +01:00
Fabrice Fontaine
ee3e17a717 package/capnproto: bump to version 0.9.1
- Drop patch (already in version)
- Fix build on musl by disabling fibers through the new KJ_USE_FIBERS
  variable:
  https://github.com/capnproto/capnproto/issues/1167
  https://github.com/capnproto/capnproto/pull/1313
- Update indentation in hash file (two spaces)

https://capnproto.org/news

Fixes:
 - http://autobuild.buildroot.org/results/1a54cf9e7223c2bd67a5c85a6f2f42aa98da3a53

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-12-11 10:56:34 +01:00
Fabrice Fontaine
e8c2a3e2d8 package/capnproto: fix build on riscv32
Fixes:
 - http://autobuild.buildroot.org/results/1c1cd4775241ee57d878cad5c978413d4b4a8736

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-06-01 22:40:04 +02:00
Fabrice Fontaine
cd9330e7d7 package/capnproto: add CAPNPROTO_CPE_ID_VENDOR
cpe:2.3🅰️capnproto:capnproto is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Acapnproto%3Acapnproto

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-04 22:10:20 +01:00
Peter Korsgaard
c287d789b7 Merge branch 'next'
A number of merge conflicts, but hopefully they are all sorted out now.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-09-02 18:14:46 +02:00
Fabrice Fontaine
c20798bca2 package/capnproto: add openssl optional dependency
openssl is an optional dependency that is enabled by default since
version 0.7.0 and
23db5e3fd9

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-08-13 23:24:04 +02:00
Koen Martens
16f16ba4ea package/capnproto: bump version to 0.8.0
The new version requires an extra features in the toolchain and won't
build with a specific gcc bug, therefore two new toolchain options are
added as dependencies:

* !BR2_TOOLCHAIN_HAS_GCC_BUG_64735
* BR2_TOOLCHAIN_HAS_UCONTEXT

Signed-off-by: Koen Martens <gmc@sonologic.nl>
Reviewed-by: Joel Carlson <JoelsonCarl@gmail.com>
Tested-by: Joel Carlson <JoelsonCarl@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-08-08 23:24:51 +02:00
Joel Carlson
edc482d2c5 package/capnproto: require GCC 5 for C++14
Adds dependency on at least GCC 5 to have C++14 language features that
are required starting in version 0.7.0 of capnproto.

Fixes:
http://autobuild.buildroot.org/results/5c09e745cab822d830f73e33647f3b0e765c9181
(capnproto build failure)

Fixes:
http://autobuild.buildroot.org/results/743c750e9932658c20965a25de89c3f21a1d43e9
(host-capnproto build failure)

This updated dependency is propagated to capnproto unique reverse
dependency, c-capnproto.

Signed-off-by: Koen Martens <gmc@sonologic.nl>
Signed-off-by: Joel Carlson <JoelsonCarl@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-10 12:00:34 +02:00
Koen Martens
2a75bf3182 package/capnproto: bump version to 0.7.0
The patch against 0.6.1 has been merged upstream,
and has been removed from this package.

A small change has been made to the LICENSE file:
"Cloudflare, Inc." was added in the copyright
declaration.

Signed-off-by: Koen Martens <gmc@sonologic.nl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-19 15:17:01 +02:00
Victor Huesca
69808c7536 package: remove 'v' prefix from github-fetched packages
On Github, a large number of projects name their tag vXYZ (i.e v3.0,
v0.1, etc.). In some packages we do:

 <pkg>_VERSION = v0.3
 <pkg>_SITE = $(call github foo,bar,$(<pkg>_VERSION))

And in some other packages we do:

 <pkg>_VERSION = 0.3
 <pkg>_SITE = $(call github foo,bar,v$(<pkg>_VERSION))

I.e in one case we consider the version to be v0.3, in the other case
we consider 0.3 to be the version.

The problem with v0.3 is that when used in conjunction with
release-monitoring.org, it doesn't work very well, because
release-monitoring.org has the concept of "version prefix" and using
that they drop the "v" prefix for the version.

Therefore, a number of packages in Buildroot have a version that
doesn't match with release-monitoring.org because Buildroot has 'v0.3'
and release-monitoring.org has '0.3'.

Since really the version number of 0.3, is makes sense to update our
packages to drop this 'v'.

This commit only addresses the (common) case of github packages where
the prefix is simply 'v'. Other cases will be handled by separate
commits. Also, there are a few cases that couldn't be handled
mechanically that aren't covered by this commit.

Signed-off-by: Victor Huesca <victor.huesca@bootlin.com>
[Arnout: don't change flatbuffers, json-for-modern-cpp, libpagekite,
 python-scapy3k, softether]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-06-19 22:27:55 +02:00
Peter Seiderer
2a72594448 package/capnproto: replace utf-8 apostrophe by ascii single quote
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-07 22:58:12 +02:00
Joel Carlson
21fc682289 capnproto: new package
Adds the capnproto package. This also builds a host variant to generate
the capnp compiler that can be used to compile message definitions into
C++ code. Includes a patch from upstream to fix an issue with uclibc.

Signed-off-by: Koen Martens <gmc@sonologic.nl>
Signed-off-by: Joel Carlson <JoelsonCarl@gmail.com>
[Thomas: only link with -latomic when BR2_TOOLCHAIN_HAS_LIBATOMIC=y.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-07-16 16:52:22 +02:00