Commit Graph

22 Commits

Author SHA1 Message Date
Baruch Siach
9ac75335bf libtasn1: security bump to version 4.13
CVE-2017-10790: NULL pointer dereference and crash when reading crafted
input

CVE-2018-6003: Stack exhaustion due to indefinite recursion during BER
decoding

Add license files hashes.

Cc: Stefan Fröberg <stefan.froberg@petroprogram.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-02-08 22:11:44 +01:00
Peter Korsgaard
2fb7cbeb74 libtasn1: security bump to version 4.12
Fixes CVE-2017-7650: Two errors in the "asn1_find_node()" function
(lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to
cause a stacked-based buffer overflow by tricking a user into processing a
specially crafted assignments file via the e.g.  asn1Coding utility.

For more details, see:

https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/

Or the 1.4.11 release mail (no mail about 1.4.12, but identical to 1.4.11 +
a soname fix):

https://lists.gnu.org/archive/html/help-libtasn1/2017-05/msg00003.html

Remove 0001-configure-don-t-add-Werror-to-build-flags.patch and autoreconf
as that patch is now upstream.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-30 09:03:20 +02:00
Rahul Bedarkar
30a3e8d108 boot, package: use SPDX short identifier for LGPLv2.1/LGPLv2.1+
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for LGPLv2.1/LGPLv2.1+ is LGPL-2.1/LGPL-2.1+.

This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/LGPLv2.1(\+)?/LGPL-2.1\1/g'

Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-01 15:18:10 +02:00
Rahul Bedarkar
337aa51f3f boot, package: use SPDX short identifier for GPLv3/GPLv3+
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for GPLv3/GPLv3+ is GPL-3.0/GPL-3.0+.

This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/\<GPLv3\>/GPL-3.0/g'

Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-01 15:17:59 +02:00
Brian Redbeard
9ec6172671 package/libtasn1: Fix GNU Mirror Path
Replacing ftpmirror.gnu.org with BR2_GNU_MIRROR variable

Signed-off-by: Brian 'redbeard' Harrington <redbeard@coreos.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-02-06 18:59:18 +01:00
Gustavo Zacarias
731b3c51aa libtasn1: clarify licensing info
The library is LGPLv2.1+, the tests and tools are GPLv3+ so clarify to
avoid confusion.

Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com>
Reviewed-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-10-22 16:45:06 +02:00
Gustavo Zacarias
1e5ec4683a libtasn1: bump to version 4.9
Add upstream patch to fix build failure with gcc warnings on.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-08-11 00:03:45 +02:00
Gustavo Zacarias
1c05e4b0df libtasn1: bump to version 4.8
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-04-13 21:40:02 +02:00
Gustavo Zacarias
756b0b7b1a libtasn1: comma separate licenses
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-12-15 22:04:23 +01:00
Gustavo Zacarias
38f6f0fa33 libtasn1: bump to version 4.6
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-09-13 12:07:22 +02:00
Gustavo Zacarias
1a3e74cf5a libtasn1: bump to version 4.5
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-04-30 15:29:40 +02:00
Gustavo Zacarias
899ba2dbd5 libtasn1: security bump to version 4.4
Corrects a two-byte stack overflow in asn1_der_decoding (no CVE
assigned yet).

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-03-30 17:55:16 +02:00
Gustavo Zacarias
fb9900f090 libtasn1: bump to version 4.3
Also add hash file.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-03-10 22:21:23 +01:00
Gustavo Zacarias
1f300a27ed libtasn1: bump to version 4.2
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-09-16 21:08:52 +02:00
Gustavo Zacarias
6bc27623e3 libtasn1: bump to version 4.1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-08-26 23:46:17 +02:00
Gustavo Zacarias
71bca69264 libtasn1: bump to version 4.0
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-06-27 13:10:42 +02:00
Gustavo Zacarias
26f033b8ee libtasn1: bump to version 3.6
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-05-26 11:49:31 +02:00
Gustavo Zacarias
7ead31cf5a libtasn1: bump to version 3.5
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-05-03 21:04:23 +02:00
Gustavo Zacarias
edce303b8d libtasn1: fix botched makeinfo/missing logic
The makeinfo/missing logic is botched leading to failures such as:
http://autobuild.buildroot.net/results/5f0/5f0e8f62be86b56813f5fc0510e83289ed2b0410/
Just disable documentation build the hard way.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2013-12-02 13:33:02 +01:00
Gustavo Zacarias
8d44089c8e libtasn1: bump to version 3.4
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2013-12-02 11:41:59 +01:00
Alexandre Belloni
8dfd59d114 Normalize separator size to 80
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-06-06 22:30:24 +02:00
Stefan Fröberg
e4d32a7a46 new package: libtasn1
Libtasn1 is the ASN.1 library used by GnuTLS, GNU Shishi and some
other packages. It was written by Fabio Fiorina, and has been
shipped as part of GnuTLS for some time but is now a proper
GNU package.

[Peter: Both licenses are '+']
Signed-off-by: Stefan Fröberg <stefan.froberg@petroprogram.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-03-05 08:55:44 +01:00