buildroot

mirror of https://github.com/godotengine/buildroot.git synced 2026-01-08 02:09:48 +03:00

Author	SHA1	Message	Date
Frank Vanbever	670329f057	package/libmodsecurity: security bump to version 3.0.10 - Fixes CVE-2023-38285 [1] - Adapted 0001-configure.ac-drop-usage-of-git-at-configure-time.patch due to upstream moving to autoconf portable shell constructs. Signed-off-by: Frank Vanbever <frank.vanbever@mind.be> [1] https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285/ Signed-off-by: Frank Vanbever <frank.vanbever@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>	2023-08-24 20:55:47 +02:00
Frank Vanbever	a1e0e7276c	package/libmodsecurity: bump to version 3.0.9 - Drop 0003-Revert-Fix-maxminddb-link-on-FreeBSD.patch, handling of libmaxminddb was fixed upstream in d2b700d - Drop 0004-build-pcre.m4-fix-build-without-pcre.patch, handling of PCRE was fixed upstream in 791964a Signed-off-by: Frank Vanbever <frank.vanbever@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>	2023-05-01 09:26:55 +02:00
Fabrice Fontaine	97bdc0616c	package/libmodsecurity: needs dynamic library Commit `9fc652a373` was incomplete as mbedtls can be pulled in libcurl through libssh2 resulting in the following build failure: /home/autobuild/autobuild/instance-4/output-1/host/lib/gcc/powerpc64le-buildroot-linux-musl/11.3.0/../../../../powerpc64le-buildroot-linux-musl/bin/ld: /home/autobuild/autobuild/instance-4/output-1/host/powerpc64le-buildroot-linux-musl/sysroot/usr/lib//libmbedcrypto.a(md5.c.o): in function `mbedtls_md5_init': md5.c:(.text+0x0): multiple definition of `mbedtls_md5_init'; ../../src/.libs/libmodsecurity.a(libmbedtls_la-md5.o):md5.c:(.text+0x0): first defined here Fixes: - http://autobuild.buildroot.org/results/4c235e46188f23d1a48297f4e5942cec7b25959a Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>	2023-02-21 09:30:41 +01:00
Fabrice Fontaine	1b20c52a5b	package/libmodsecurity: bump to version 3.0.8 https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.8 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>	2023-01-27 13:46:23 +01:00
Fabrice Fontaine	f5e1cec700	package/libmodsecurity: select pcre2 Commit `ea746f3128` forgot to select pcre2 resulting in the following build failure: Makefile:575: *** pcre2 is in the dependency chain of libmodsecurity that has added it to its _DEPENDENCIES variable without selecting it or depending on it from Config.in. Stop. Fixes: - http://autobuild.buildroot.org/results/6528d2611bd1a45c1e94bc6b866de9c33dd90a7b Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>	2022-07-28 22:56:21 +02:00
Fabrice Fontaine	ea746f3128	package/libmodsecurity: bump to version 3.0.7 Switch to pcre2 as pcre is deprecated https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.7 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>	2022-07-27 16:43:56 +02:00
Fabrice Fontaine	9fc652a373	package/libmodsecurity: needs dynamic library with libcurl and mbedtls libmodsecurity embeds several mbedtls source files since version 3.0.0 and `a3ae686f25` resulting in the following static build failure if curl is built with mbedtls support: /home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/m68k-buildroot-uclinux-uclibc/bin/ld.real: /home/buildroot/autobuild/instance-0/output-1/host/bin/../m68k-buildroot-uclinux-uclibc/sysroot/usr/lib/libmbedcrypto.a(md5.c.o): in function `mbedtls_md5_free': md5.c:(.text+0x16): multiple definition of `mbedtls_md5_free'; ../../src/.libs/libmodsecurity.a(libmbedtls_la-md5.o):md5.c:(.text+0x16): first defined here Fixes: - http://autobuild.buildroot.org/results/98472a3a41cdbcb3d02289a437074a267f4b2e8e Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>	2022-06-19 17:22:26 +02:00
Fabrice Fontaine	d317b76458	package/libmodsecurity: security bump to version 3.0.6 Support configurable limit on depth of JSON parsing (possible DoS issue) https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.6 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>	2021-11-28 14:35:43 +01:00
Giulio Benetti	2a48a6ee9d	package/libmodsecurity: disable -fPIC on m68k_cf This package has -fPIC gcc option set by default but we can't use it on m68k_cf since it doesn't support it throwing a gcc build failure. So let's disable it by passing -fno-PIC. Fixes: http://autobuild.buildroot.net/results/b92980a563fe7ee331e70f288ce041be0bf29d40/ Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>	2021-08-24 00:24:48 +02:00
Fabrice Fontaine	94b6fbd582	package/libmodsecurity: fix build with libmaxminddb Build with libmaxminddb is broken since bump to version 3.0.5 in commit `464d0be380` because of `785958f9b5` So revert this commit until upstream answer to comment to https://github.com/SpiderLabs/ModSecurity/issues/2131 Reverting this commit requires autoreconfiguring, which itself causes lots of warnings as configure.ac queries git to know the version of various parts of libmodsecurity. However, it turns out that those versions are only used to be displayed in the output of the configure script, which is quite useless. The only one that is referenced elsewhere is LIBINJECTION_VERSION, but it's in fact a different thing: it is defined by others/libinjection/src/libinjection_sqli.c. The only variable that was AC_SUBST() and therefore visible elsewhere was MSC_GIT_VERSION, but it is not used anywhere in the code base, except in the configure script itself. Note that one patch is 0001 and the other 0003, because there was already a 0002 patch. Fixes: - http://autobuild.buildroot.org/results/4c639fd967faa06f8ae362bacd38f3409c47267c Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>	2021-08-02 22:23:23 +02:00
Fabrice Fontaine	489cbfd7df	package/libmodsecurity: fix static build Fix the following static build failure with nginx raised since bump of libmodsecurity to version 3.0.5 in commit `464d0be380`: /home/buildroot/autobuild/instance-2/output-1/host/lib/gcc/xtensa-buildroot-linux-uclibc/10.3.0/../../../../xtensa-buildroot-linux-uclibc/bin/ld: /home/buildroot/autobuild/instance-2/output-1/host/bin/../xtensa-buildroot-linux-uclibc/sysroot/usr/lib/libmodsecurity.a(libmodsecurity_la-transaction.o): in function `std::basic_streambuf<char, std::char_traits<char> >::sbumpc() [clone .isra.0]': transaction.cc:(.text+0x40): undefined reference to `std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_dispose()' Fixes: - http://autobuild.buildroot.org/results/e5a9eb8448980f1c5cafe97180b7d1f48ddf02ca Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>	2021-07-28 21:41:45 +02:00
Fabrice Fontaine	464d0be380	package/libmodsecurity: security bump to version 3.0.5 Security Impacting Issues Handle URI received with uri-fragment [@martinhsv] - Drop patches (already in version) and so drop autoreconf - Static linking is supported since `f76a1a667b` - Update indentation in hash file (two spaces) https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.5 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>	2021-07-15 22:42:12 +02:00
Fabrice Fontaine	82f5293d73	package/libmodsecurity: drop AC_CHECK_FILE workaround Drop AC_CHECK_FILE workaround as it is not needed since version 3.0.4: `8af8cad907` Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>	2021-07-15 22:41:53 +02:00
Fabrice Fontaine	87c9fd60d4	package/libmodsecurity: add CPE variables cpe:2.3🅰️trustwave:modsecurity is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atrustwave%3Amodsecurity Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>	2021-03-06 11:18:24 +01:00
Fabrice Fontaine	7be9224885	package/libmodsecurity: needs threads Fixes: - http://autobuild.buildroot.org/results/78391abbf87ac9c04b13d7aab7acf7d1aaade75d Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>	2020-02-03 14:06:35 +01:00
Frank Vanbever	788a7560cb	package/libmodsecurity: point to staging pcre-config The libmodsecurity build system uses the file installed on the host if not explicitly pointed to pcre-config in the staging dir. Fixes: - http://autobuild.buildroot.net/results/f936ad05bca4bb776917306700750ba6d2498ef0 + similar failures for other architectures Signed-off-by: Frank Vanbever <frank.vanbever@essensium.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>	2020-02-01 10:26:29 +01:00
Frank Vanbever	d9205b4da5	package/libmodsecurity: new package The dependency on !BR2_STATIC_LIBS is due to missing Libs.private in the libmodconfig pkg-config file making builds that statically link against libmodsecurity fail. Lua is disabled due to using the host libraries. Yajl is disabled as enabling it forces the tests to be built. These tests have a hard dependency on libmodsecurity.a which is not built when --disable-static is used in the configuration. There is no flag to disable these tests. Signed-off-by: Frank Vanbever <frank.vanbever@essensium.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>	2020-01-30 11:26:05 +01:00

17 Commits