Fixes CVE-2020-14382: A vulnerability was found in upstream release
cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that
is effectively invoked on every device/image presenting itself as LUKS2
container. The bug is in segments validation code in file
'lib/luks2/luks2_json_metadata.c' in function hdr_validate_segments(struct
crypt_device *cd, json_object *hdr_jobj) where the code does not check for
possible overflow on memory allocation used for intervals array (see
statement "intervals = malloc(first_backup * sizeof(*intervals));"). Due to
the bug, library can be *tricked* to expect such allocation was successful
but for far less memory then originally expected. Later it may read data
FROM image crafted by an attacker and actually write such data BEYOND
allocated memory.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes#13251
json-c >= 0.14.0 has a name clash with internal cryptsetup functions,
causing a runtime issue. Backport an upstream patch to rename the internal
functions to fix this.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Until now, libaio contained some architecture specific code to do the
syscalls. In fact, it contained a generic variant of the code called
syscall-generic.h, but it was showing a warning when it was used, as
if it was "not safe". Consequently, in Buildroot, we had chosen to
support libaio only on a the subset of architectures that were
explicitly handled by libaio.
However, between 0.3.110 and 0.3.111, libaio upstream entirely dropped
the architecture-specific code:
https://pagure.io/libaio/c/97fd3fc0195500e616e34047cba4846164c411d9?branch=master
Consequently, in this patch, we:
- Bump libaio to 0.3.111.
- Switch to the new upstream at https://pagure.io/libaio/.
- Drop the 0001-arches.patch patch, which was adding support for
MIPS, since we no longer need architecture-specific code.
- Update the remaining patches, and Git-format one of them which
wasn't Git-formatted.
- Drop the BR2_PACKAGE_LIBAIO_ARCH_SUPPORTS option and all its uses.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libblkid is a new optional dependency. Upstream "strongly discourages"
build without libblkid support. So enable libblkid unconditionally.
Cc: Martin Hicks <mort@bork.org>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add the now mandatory json-c depencecy. Propagate to reverse
dependencies.
Drop the no longer needed patch.
Add license files hashes.
[Peter: propagate _HAS_SYNC_4 dependency to comments as pointed out by
Thomas]
Cc: Martin Hicks <mort@bork.org>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The basic lvm2 package (libdevmapper / dmsetup) does build under musl, only the
standard (full) installation doesn't.
Many setups only need the basic package, so move the !musl dependencies down
to the sub options and adjust the reverse dependencies (cryptsetup/dmraid)
to match.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Thomas: adjust Config.in comments and dependencies.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit switches to use the new gettext logic, which involves:
- using TARGET_NLS_DEPENDENCIES instead of hand-encoded dependencies
on gettext/host-gettext
- using TARGET_NLS_LIBS to force linking against libintl
- dropping BR2_PACKAGE_GETTEXT selection
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for LGPLv2.1/LGPLv2.1+ is LGPL-2.1/LGPL-2.1+.
This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/LGPLv2.1(\+)?/LGPL-2.1\1/g'
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We want to use SPDX identifier for license strings as much as possible.
SPDX short identifier for GPLv2/GPLv2+ is GPL-2.0/GPL-2.0+.
This change is done by using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/\<GPLv2\>/GPL-2.0/g'
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Commit 006a328ad6 ("util-linux: fix build with ncurses") removed
dependency on BR2_USE_WCHAR, but failed to update the reverse
dependencies of util-linux.
This commit fixes all such reverse dependencies by removing dependency
on BR2_USE_WCHAR as it is not required by package itself.
Fixes: 006a328ad6 ("util-linux: fix build with ncurses")
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
cryptsetup does not actually depend on e2fsprogs, but on libuuid that is a
dependency of e2fsprogs. Remove the e2fsprogs dependency, and add a direct
dependency on util-linux (libuuid provider).
Cc: Martin Hicks <mort@bork.org>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
- Add support for the alternative OpenSSL and Linux kernel crypto backends.
The latter does require that additional kernel modules (like algif_hash)
are present and loaded before invoking cryptsetup, so is used as last choice.
- Removes CRYPTSETUP_AUTORECONF as it is redundant, and reconf does
create a dependency on libgcrypt for the m4 macros used.
[Thomas: add an explicit --with-crypto_backend=gcrypt with the
libgcrypt backend is requested.]
Signed-off-by: Floris Bos <bos@je-eigen-domein.nl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since a while, the semantic of BR2_PREFER_STATIC_LIB has been changed
from "prefer static libraries when possible" to "use only static
libraries". The former semantic didn't make much sense, since the user
had absolutely no control/idea of which package would use static
libraries, and which packages would not. Therefore, for quite some
time, we have been starting to enforce that BR2_PREFER_STATIC_LIB
should really build everything with static libraries.
As a consequence, this patch renames BR2_PREFER_STATIC_LIB to
BR2_STATIC_LIBS, and adjust the Config.in option accordingly.
This also helps preparing the addition of other options to select
shared, shared+static or just static.
Note that we have verified that this commit can be reproduced by
simply doing a global rename of BR2_PREFER_STATIC_LIB to
BR2_STATIC_LIBS plus adding BR2_PREFER_STATIC_LIB to Config.in.legacy.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
The libblkid library in util-linux uses fork. While it seems
potentially possible to disable the parts of the library that use fork
(the only parts using fork are parts related to LVM and Device Mapper,
which are said to be legacy as they are replaced by sysfs based
scanning, instead of having to fork to run a separate process).
However, since libblkid is used by:
- e2fsprogs, which uses lots of fork all over the place
- udev, which most likely will also need fork
There is not much point in making libblkid fork-less. As a
consequence, this commit makes util-linux/libblkid unavailable on
non-MMU architectures, and propagates the relevant dependency to the
reverse dependencies of libblkid.
This fixes the e2fsprogs build failure seen on Blackfin. The failure
was due to a configure test of e2fsprogs which was trying to link a
small test program against libblkid, which failed because there was an
undefined reference to fork() in the libblkid code.
Fixes:
http://autobuild.buildroot.net/results/ee2c1568d16ac040011dd4d6d8b543ff9e9e2622/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
