The commit [1] should fix a circular dependency by
using util-linux-libs instead of util-linux if
BR2_PACKAGE_UTIL_LINUX_LIBS is set.
But util-linux is still in CRYPTSETUP_DEPENDENCIES.
Remove it to really break the circular dependency.
[1] e3c86f5c9e
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Reviewed-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix CVE-2020-14382: A vulnerability was found in upstream release
cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code,
that is effectively invoked on every device/image presenting itself as
LUKS2 container. The bug is in segments validation code in file
'lib/luks2/luks2_json_metadata.c' in function
hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj)
where the code does not check for possible overflow on memory allocation
used for intervals array (see statement "intervals = malloc(first_backup
* sizeof(*intervals));"). Due to the bug, library can be *tricked* to
expect such allocation was successful but for far less memory then
originally expected. Later it may read data FROM image crafted by an
attacker and actually write such data BEYOND allocated memory.
https://mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v2.3/v2.3.4-ReleaseNotes
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
don't use cryptsetup's intree libargon2
Signed-off-by: Pascal de Bruijn <p.debruijn@unilogic.nl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libblkid is a new optional dependency. Upstream "strongly discourages"
build without libblkid support. So enable libblkid unconditionally.
Cc: Martin Hicks <mort@bork.org>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add the now mandatory json-c depencecy. Propagate to reverse
dependencies.
Drop the no longer needed patch.
Add license files hashes.
[Peter: propagate _HAS_SYNC_4 dependency to comments as pointed out by
Thomas]
Cc: Martin Hicks <mort@bork.org>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit switches to use the new gettext logic, which involves:
- using TARGET_NLS_DEPENDENCIES instead of hand-encoded dependencies
on gettext/host-gettext
- using TARGET_NLS_LIBS to force linking against libintl
- dropping BR2_PACKAGE_GETTEXT selection
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for LGPLv2.1/LGPLv2.1+ is LGPL-2.1/LGPL-2.1+.
This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/LGPLv2.1(\+)?/LGPL-2.1\1/g'
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We want to use SPDX identifier for license strings as much as possible.
SPDX short identifier for GPLv2/GPLv2+ is GPL-2.0/GPL-2.0+.
This change is done by using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/\<GPLv2\>/GPL-2.0/g'
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
cryptsetup installs a library and a header file, so it makes sense to
install it to staging.
Fixes bug #9691.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr>
cryptsetup does not actually depend on e2fsprogs, but on libuuid that is a
dependency of e2fsprogs. Remove the e2fsprogs dependency, and add a direct
dependency on util-linux (libuuid provider).
Cc: Martin Hicks <mort@bork.org>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
- Add support for the alternative OpenSSL and Linux kernel crypto backends.
The latter does require that additional kernel modules (like algif_hash)
are present and loaded before invoking cryptsetup, so is used as last choice.
- Removes CRYPTSETUP_AUTORECONF as it is redundant, and reconf does
create a dependency on libgcrypt for the m4 macros used.
[Thomas: add an explicit --with-crypto_backend=gcrypt with the
libgcrypt backend is requested.]
Signed-off-by: Floris Bos <bos@je-eigen-domein.nl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes autobuild error
http://autobuild.buildroot.net/results/cc1a65b9554bc2ece1b3ea8b51cd805b9bda7e86/
Adding libintl to the libraries list for cryptsetup when using a
uclibc toolchain and locale support is enabled.
Signed-off-by: Clayton Shotwell <clshotwe@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
