Now that the infra takes care of removing extraneous spaces before
commas, we can safely append to LICENSE variables.
This removes the only case where we had to use immediate assignment
to append to a variable.
Mechanical change, with:
$ sed -r -i -e 's/\<([^[:space:]]+_LICENSE) := \$\(\1\),/\1 += ,/' \
$(git grep -l -E '\<([^[:space:]]+_LICENSE) := \$\(\1\),')
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Add a BR2_PACKAGE_GNUTLS_OPENSSL option, disabled by default since it is
not used by any package that depends on gnutls.
The library is licensed under GPLv3, which can be a problem for embedded
systems due to the so-called anti-tivoization clause.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
[Thomas: don't repeat the license details for the gnutls-openssl case,
simply append to them]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
* CVE-2019-3836: It was discovered in gnutls before version 3.6.7 upstream
that there is an uninitialized pointer access in gnutls versions 3.6.3 or
later which can be triggered by certain post-handshake messages
* CVE-2019-3829: A vulnerability was found in gnutls versions from 3.5.8
before 3.6.7. A memory corruption (double free) vulnerability in the
certificate verification API. Any client or server application that
verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.
3.6.7.1 is identical to 3.6.7, but fixes a packaging issue in the release
tarball:
https://lists.gnutls.org/pipermail/gnutls-devel/2019-April/013086.html
HTTP URLs changed to HTTPS in COPYING, so update license hash.
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gnutls is building with no default location to look for CA certs. Since
there are buildroot packages to provide these, configure it to use them
by default.
Configure gnutls to find them using the bundle file which contains all
certs, rather than looking in the cert directory. When gnutls is told
to use the directory, it loads *every* file in it. This means it loads
the bundle with all certs, then loads each cert a second time using the
individual pem files, and then loads them all the third time via the
hash symlinks to the pem files.
When p11-kit is enabled, use its trust module instead of the bundle
file. p11-kit can be configured to use the bundle (the default), but it
can do other things too, such as integrate with the "trust" command for
adding and removing trust anchors.
Signed-off-by: Trent Piepho <tpiepho@impinj.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 19448f40a0 (gnutls: use included unistring unless libunistring is
selected) made libunistring an optional dependency. So now gnutls no longer
depend on wchar.
Drop wchar dependency of libmicrohttpd and libsoup, which are gnutls
reverse dependencies that do not depend themselves on wchar.
Update the comments in libsoup and taskd; the wchar dependency is now
not due to gnutls.
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use the included copy of libunistring unless BR2_PACKAGE_LIBUNISTRING
is already selected.
The resulting gnutls library with libunistring included is about 1.2 MB
smaller than the sum of libgnutls and libunistring.
Signed-off-by: Sven Neumann <neumann@teufel.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The check-package script when ran gives warnings on text wrapping
on all of these Config files. This patch cleans up all warnings
related to the text wrapping for the Config files starting with
the letter g in the package directory.
The appropriate indentation is: <tab><2 spaces><62 chars>
See http://nightly.buildroot.org/#writing-rules-config-in for more
information.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
HTTPS works better behind certain corporate firewalls.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The check-package script when ran gives warnings on ordering issues
on all of these Config files. This patch cleans up all warnings
related to the ordering in the Config files for packages starting with
the letter g in the package directory.
The appropriate ordering is: type, default, depends on, select, help
See http://nightly.buildroot.org/#_config_files for more information.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for LGPLv2.1/LGPLv2.1+ is LGPL-2.1/LGPL-2.1+.
This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/LGPLv2.1(\+)?/LGPL-2.1\1/g'
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for GPLv3/GPLv3+ is GPL-3.0/GPL-3.0+.
This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/\<GPLv3\>/GPL-3.0/g'
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
GNUTLS-SA-2017-3A - Addressed integer overflow resulting to invalid
memory write in OpenPGP certificate parsing.
GNUTLS-SA-2017-3B - Addressed crashes in OpenPGP certificate parsing,
related to private key parser. No longer allow OpenPGP certificates
(public keys) to contain private key sub-packets.
GNUTLS-SA-2017-3C - Addressed large allocation in OpenPGP certificate
parsing, that could lead in out-of-memory condition.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The 3.5.x has been promoted to stable, hence 3.4.x is deprecated and
3.3.x kept as old-stable.
libdane now specifies LGPLv2.1+ so drop the README kludge (which is also
gone regarding licensing).
libunistring is a new dependency, even though gnutls ships a builtin version
we prefer to use unbundled to avoid duplication with other users and target
size growth.
Fixes:
GNUTLS-SA-2017-01 - It was found using the OSS-FUZZ fuzzer
infrastructure that decoding a specially crafted X.509 certificate with
Proxy Certificate Information extension present could lead to a double
free.
GNUTLS-SA-2017-02 - It was found using the OSS-FUZZ fuzzer
infrastructure that decoding a specially crafted OpenPGP certificate
could lead to heap and stack overflows.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
GNUTLS-SA-2016-2 - vulnerability that affects certificate verification
when GnuTLS is used in combination with the p11-kit trust module.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
GnuTLS core library is licensed under LGPLv2.1+ while gnutls-openssl
library is licensed under GPLv3+. Annotate the license with components.
Reviewed-by: Marcin Nowakowski <marcin.nowakowski@imgtec.com>
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
[Thomas:
- add comment about the license of the "core library" since some files
seems to be mistakenly under LGPLv3+ even though the library is
licensed under LGPLv2.1+.
- add the README file in the license information, since it contains a
lot of useful details.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Patch now upstream, so drop it along autoreconf and gettextize.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
It's no longer required, SUBDIRS += doc is guarded by ENABLE_DOC in
Makefile.am and the only place where it's used regardless is in
dist-hook which isn't used by buildroot.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
