OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2019.02-op-build 2018-10-03T07:33:13+00:00 2018-10-03T07:33:13+00:00 Peter Korsgaard peter@korsgaard.com 2018-10-02T15:35:52+00:00 urn:sha1:040cf15a8760c91f82b61a3e2cadf1b91b7c45af The fix for CVE-2018-16151 / 16152 contained an exploitable bug. For details, see: https://www.strongswan.org/blog/2018/10/01/strongswan-vulnerability-(cve-2018-17540).html Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2018-10-01T12:31:28+00:00 Peter Korsgaard peter@korsgaard.com 2018-09-30T20:12:15+00:00 urn:sha1:5e04cdde197f17472a85423f4063b8f6ee19a82c Fixes the following security issues: CVE-2018-16151: The OID parser in the ASN.1 code in gmp allows any number of random bytes after a valid OID. CVE-2018-16152: The algorithmIdentifier parser in the ASN.1 code in gmp doesn't enforce a NULL value for the optional parameter which is not used with any PKCS#1 algorithm. For more details, see the advisory: https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2018-09-20T19:08:47+00:00 Matt Weber matthew.weber@rockwellcollins.com 2018-09-20T15:16:27+00:00 urn:sha1:084d53d6e9b9307e9ed4c4518731ba5f928043a1 Adds '--with-dev-headers' configure option to install development headers into staging. The package provides these headers to enable linking against pluggins. Signed-off-by: Paresh Chaudhary <paresh.chaudhary@rockwellcollins.com> Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> 2018-06-23T08:03:50+00:00 Paresh Chaudhary paresh.chaudhary@rockwellcollins.com 2018-06-20T21:04:33+00:00 urn:sha1:d759195b44342c981175de6ddde6a71b7ce47b27 Signed-off-by: Paresh Chaudhary <paresh.chaudhary@rockwellcollins.com> Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2017-12-18T08:22:54+00:00 Thomas Petazzoni thomas.petazzoni@free-electrons.com 2017-12-18T08:21:05+00:00 urn:sha1:2277fdeca8c94f8ea8fe8afebcdbb176c6b1531d This commit fixes the warnings reported by check-package on the help text of all package Config.in files, related to the formatting of the help text: should start with a tab, then 2 spaces, then at most 62 characters. The vast majority of warnings fixed were caused by too long lines. A few warnings were related to spaces being used instead of a tab to indent the help text. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-12-13T13:06:43+00:00 Sam Voss sam.voss@rockwellcollins.com 2017-12-12T22:19:38+00:00 urn:sha1:738435ad76f6cb4a21841d52612908feb4501b2d Install strongswan ipsec libraries into /usr/lib instead of /usr/lib/ipsec to place them in preferred library common location. Signed-off-by: Sam Voss <sam.voss@rockwellcollins.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-10-03T12:28:32+00:00 Matt Weber matthew.weber@rockwellcollins.com 2017-10-02T15:31:07+00:00 urn:sha1:cc7fd91c4b978ea3113464624ce051e0918b48f6 Recent releases of glibc don't include the full stdint.h header in some network headers included by utils.h. Upstream is targetting a 5.6.1 release of the fix. Ustream: https://wiki.strongswan.org/issues/2425 Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2017-09-08T09:14:42+00:00 Peter Korsgaard peter@korsgaard.com 2017-09-07T15:26:55+00:00 urn:sha1:2a59db1bb079dfd7cb40ffff7ac1cd550ff6662e Fixes CVE-2017-11185: The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature. For more details, see https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-%28cve-2017-11185%29.html While we're at it, add hashes for the license files. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2017-05-30T21:37:26+00:00 Peter Korsgaard peter@korsgaard.com 2017-05-30T13:03:24+00:00 urn:sha1:e43efb9b654ae19e9e47ae5828d9e99b044f37c9 Fixes: CVE-2017-9022 - RSA public keys passed to the gmp plugin aren't validated sufficiently before attempting signature verification, so that invalid input might lead to a floating point exception and crash of the process. A certificate with an appropriately prepared public key sent by a peer could be used for a denial-of-service attack. https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-%28cve-2017-9022%29.html CVE-2017-9023 - ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when parsing X.509 certificates with extensions that use such types. This could lead to infinite looping of the thread parsing a specifically crafted certificate. https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-%28cve-2017-9023%29.html Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-05-11T19:20:46+00:00 Baruch Siach baruch@tkos.co.il 2017-05-11T11:22:11+00:00 urn:sha1:dd24d95a76d19378b50e1d8a26ff0a00860671c6 Add patch from upstream pending pull request (#72) to fix crypt() definition conflict. Fixes: http://autobuild.buildroot.net/results/612/6120add5ad6e7f5d575fc2a2442cd7fe5302eb46/ http://autobuild.buildroot.net/results/ba1/ba1298e71ef28857654ae8d4593d09e4fe8cdda0/ http://autobuild.buildroot.net/results/6b9/6b928e2a6a35bfb21c792fca083bc4cbdaef9304/ Cc: Jérôme Pouiller <jezz@sysmic.org> Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>