Commit Graph

10 Commits

Author SHA1 Message Date
Baruch Siach
b17e5352ca gnupg2: security bump to version 2.0.27
Fixes:

CVE-2015-1606: Use after free, resulting from failure to skip invalid packets

CVE-2015-1607: memcpy with overlapping ranges, resulting from incorrect
bitwise left shifts

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-27 13:56:49 +01:00
Thomas De Schampheleire
aaffd209fa packages: rename FOO_CONF_OPT into FOO_CONF_OPTS
To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_CONF_OPT.

Sed command used:
   find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g'

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-04 18:54:16 +02:00
Thomas Petazzoni
8a87887095 gnupg2: fix build on non-wchar toolchains
The gnupg2 configure script checks whether <stdint.h> complies with
C99. When doing this, it expects a number of WCHAR_* definitions to be
present, which is not the case on non-wchar capable toolchains. The
gnupg2 configure script then concludes that <stdint.h> is not
C99-compliant and generates its own, which causes some build failures
related to intmax_t being not defined.

Since wchar is not actually used in gnupg2, this commit fixes this
problem by forcing gnupg2 to think that our <stdint.h> is
C99-compliant.

Fixes:

  http://autobuild.buildroot.org/results/40f/40fff3bc304e1a83524f28be8f6afc2e217281ad/

And lots of similar issues. Thanks a lot for Romain Naour for the
initial investigation and lots of discussion on IRC about this issue.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Romain Naour <romain.naour@openwide.fr>
2014-10-01 23:14:47 +02:00
Romain Naour
5f9d235e66 package/gnupg2: add readline optional dependency
This is to improve build reproducibility.

[Thomas: add --with-readline and --without-readline options to
explicitly enable/disable readline usage.]

Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-01 22:45:24 +02:00
Romain Naour
b39e3e39eb package/gnupg2: add bzip2 optional dependency
This is to improve build reproducibility.

[Thomas: add --enable-bzip2 --with-bzip options.]

Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-01 22:45:21 +02:00
Peter Korsgaard
5aedb8be68 Merge branch 'next'
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-09-01 15:22:07 +02:00
Gustavo Zacarias
b13b0218c2 gnupg2: bump to version 2.0.26
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-08-27 21:33:31 +02:00
Vicente Olivert Riera
c0da68a90c gnupg2: Needs a suitable iconv implementation
gnupg2 needs a toolchain with locale support or a package which provides
a suitable iconv implementation (libiconv). Otherwise it will fail at
the configure phase with an error like this one:

*** It is now required to build with support for iconv
*** Please install a suitable iconv implementation.

Fixes:
  http://autobuild.buildroot.net/results/8c9/8c93c28533dfebffa8b2e34b1421d3fa3cdeb278/

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Reviewed-by: Markos Chandras <Markos.Chandras@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-08-15 22:30:36 +02:00
Gustavo Zacarias
79c77a6e7f gnupg2: security bump to version 2.0.25
Fixes CVE-2014-4617 (The do_uncompress function in g10/compress.c
allows context-dependent attackers to cause a denial of service
(infinite loop) via malformed compressed packets, as demonstrated by an
a3 01 5b ff byte sequence.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-08-04 20:08:54 +02:00
Vicente Olivert Riera
beb49d882e gnupg2: new package
[Thomas: use libpthsem instead of pth, remove !uclibc dependency,
minor formatting fixes in the .mk file.]

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Reviewed-by: Markos Chandras <Markos.Chandras@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-07-23 23:32:05 +02:00