| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes the following security issues:
CVE-2018-16758: Michael Yonli discovered that tinc 1.0.34 and earlier allow
a man-in-the-middle attack that, even if the MITM cannot decrypt the traffic
sent between the two endpoints, when the MITM can correctly predict when an
ephemeral key exchange message is sent in a TCP connection between two
nodes, allows the MITM to force one node to send UDP packets in plaintext.
The tinc 1.1pre versions are not affected by this.
CVE-2018-16738: Michael Yonli discoverd that tinc versions 1.0.30 to 1.0.34
allow an oracle attack, similar to CVE-2018-16737, but due to the
mitigations put in place for the Sweet32 attack in tinc 1.0.30, it now
requires a timing attack that has only a limited time to complete. Tinc
1.1pre16 and earlier are also affected if there are nodes on the same VPN
that still use the legacy protocol from tinc version 1.0.x.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
| |
|
|
|
|
|
|
| |
Updated license hash after upstream commit:
http://www.tinc-vpn.org/git/browse?p=tinc;a=commitdiff;h=54b18a85f68652f94ac5ecffbd9d100879ed06ea
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
| |
|
|
|
| |
Signed-off-by: Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The check-package script when ran gives warnings on ordering issues
on all of these Config files. This patch cleans up all warnings
related to the ordering in the Config files for packages starting with
the letter t in the package directory.
The appropriate ordering is: type, default, depends on, select, help
See http://nightly.buildroot.org/#_config_files for more information.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
We want to use SPDX identifier for license strings as much as possible.
SPDX short identifier for GPLv2/GPLv2+ is GPL-2.0/GPL-2.0+.
This change is done by using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/\<GPLv2\>/GPL-2.0/g'
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
uClibc-ng does not support PIE for some architectures as
arc and m68k. It isn't implemented in the static linking case, too.
With musl toolchains you might have static PIE support with little
patching of gcc. Static linking for GNU libc isn't enabled in
buildroot. Fixup any package using special treatment of PIE.
(grep -ir pie package/*/*.mk)
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
[Thomas: use positive logic.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
| |
This patch can be applied after the release of buildroot 2016.05.
Removed 0001-musl.patch, applied upstream.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
| |
Fixes
http://autobuild.buildroot.net/results/5b1/5b1d0c8c1bd75f7e228c313cb21b1638301568ae/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
| |
Fixes
http://autobuild.buildroot.net/results/d5b/d5b2f905d8da79cebda1408ffceac6d4c99f9e7b/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Even though ARC gcc understands "-pie" option and attempts to generate
PIE binaries as of today PIE is not really supported for user-space
applications.
So we disable PIE detection if building for ARC.
That fixes http://autobuild.buildroot.net/results/2b1/2b1aa474fc432f3f79b03c4577d68642bb7e0f9c
and also prevents execution of non-supported PIE binary in runtime.
[Thomas: fix indentation.]
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
|
[Thomas:
- fix license from GPLv2 to 'GPLv2+ with OpenSSL exception'
- add -std=c99 to CFLAGS, otherwise it doesn't build with a minimal
toolchain configuration
- add BR2_USE_MMU dependency since fork() is used.]
Signed-off-by: Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|