openssl is an optional dependency which is enabled by default since at
least 2007 and
4c17f25c0f
Enable DES, MD4 and RC4 in openssl to fix build failure raised since
commit a83d41867c
Fixes:
- http://autobuild.buildroot.org/results/d73b477bd2064aee076f9debfd8d3346c63ba657
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: squash the two commits together]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
ubihealthd is only being built, if mtd-utils are being built
--with-ubifs. Reflect that dependency within buildroot.
Signed-off-by: Markus Mayer <mmayer@broadcom.com>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
[yann.morin.1998@free.fr: fix check-package]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The comment has been introduced by commit [1] where the latest
gdb version has been used when cross-gdb is not enabled.
But since then the gdb package doesn't use the latest gdb version when
cross-gdb is not enabled. It's the "stable" version.
[1] https://git.buildroot.net/buildroot/commit/?id=fda818390b5e6a585608f4523356eafa0c587f53
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Commit d72350e62a disabled boost::logs on
riscv32 due to the use of SYS_futex, which doesn't exist on riscv32.
Revert "package/boost: disable logs with riscv32" and add an upstream
patch that uses SYS_futex_time64 instead.
This reverts commit d72350e62a.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5293208a57)
[Peter: drop Makefile change]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
perl-crypt-openssl-rsa inherits the dependency on openssl indirectly
from perl-crypt-openssl-random. Hwvere, perl-crypt-openssl-rsa needs
the openssl libraries for itself, so it must explicitly depend on it.
So far, this was totally unconsequential, but since commit a83d41867c
(package/libopenssl: add option to enable some features), features can
be configured out, of which RMD160 that perl-crypt-openssl-rsa needs.
If we were to add the select to that option (in a followup commit),
without a dependency to openssl, that would be very confusing in the
future.
So, add the explicit dependency now.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix tarball name for sha256 which is wrong since the addition of the
package in commit 71f7fc8a27
While at it, also update indentation to 2 spaces
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Enable DES, MD4 and RC4 in openssl to fix build failure raised since
commit a83d41867c
Fixes:
- http://autobuild.buildroot.org/results/ce601fb26d143e03adb39c41f2fdfca3b3191127
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- drop conditionals on selects: libopenssl is forced
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
As suggested by Yann, let's avoid announcing the exact date of the
next course, as it gets outdated very often. Instead, use a more
generic wording and simply point to a Bootlin page that has all the
details.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly
validates certificate with host mismatch vulnerability. A remote,
unauthenticated attacker could exploit the flaw by performing a
man-in-the-middle attack using a valid certificate for another hostname
which could compromise confidentiality and integrity of data transmitted
using rsync-ssl. The highest threat from this vulnerability is to data
confidentiality and integrity. This flaw affects rsync versions before
3.2.4.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: add a comment explaining what patch fixes this CVE]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Enable RC4 in openssl to fix build failure raised since commit
a83d41867c
Fixes:
- http://autobuild.buildroot.org/results/c658beb245cbf06786aa4155c7649c3e1a613e39
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- move the 'select' of the option closer to the 'select' on openssl
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
- CVE-2021-28651: Denial of Service in URN processing
Due to a buffer management bug Squid is vulnerable to a Denial of service
attack against the server it is operating on.
This attack is limited to proxies which attempt to resolve a "urn:"
resource identifier. Support for this resolving is enabled by default in
all Squid.
https://github.com/squid-cache/squid/security/advisories/GHSA-ch36-9jhx-phm4
- CVE-2021-28652: Denial of Service issue in Cache Manager
Due to an incorrect parser validation bug Squid is vulnerable to a Denial
of Service attack against the Cache Manager API.
https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447
- CVE-2021-28662: Denial of Service in HTTP Response Processing
Due to an input validation bug Squid is vulnerable to a Denial of Service
against all clients using the proxy.
https://github.com/squid-cache/squid/security/advisories/GHSA-jjq6-mh2h-g39h
- CVE-2021-31806, CVE-2021-31807, CVE-2021-31808: Multiple Issues in HTTP
Range header
Due to an incorrect input validation bug Squid is vulnerable to
a Denial of Service attack against all clients using the proxy.
https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf
- CVE-2021-33620: Denial of Service in HTTP Response processing
Due to an input validation bug Squid is vulnerable to a Denial of Service
against all clients using the proxy.
https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bugfix release. From the release notes:
Some backports of important fixes to the 1.25 series, for very conservative
people.
libmpg123: Backport bit reservoir CRC fix from 1.26
libmpg123: Backport part2_3_length regression fix (bug 312).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
BR2_PACKAGE_UDISKS_LVM2 was dropped in commit eb251b3008 (package/lvm2:
drop BR2_PACKAGE_LVM2_APP_LIBRARY), but missed when merging next. Drop it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add a python3 host variant since another downstream OSS component
(OP-TEE) uses buildroot and it will depend on a python3 host variant
of python-cryptography.
Signed-off-by: Donald Chan <hoiho@lab126.com>
[yann.morin.1998@free.fr:
- drop target _DEPENDENCIES since this is a host-only package
- instead, add host-openssl to dependencies
- add CPE variables
- also add sync comment for python-pip
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add a python3 host variant since we are adding a python3 host variant of
python-cryptography and it is dependent on this.
Signed-off-by: Donald Chan <hoiho@lab126.com>
[yann.morin.1998@free.fr:
- drop target _DEPENDENCIES since this is a host-only package
- also add sync comment to python-cffi
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
