libtasn1: security bump to version 4.12

Fixes CVE-2017-7650: Two errors in the "asn1_find_node()" function
(lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to
cause a stacked-based buffer overflow by tricking a user into processing a
specially crafted assignments file via the e.g.  asn1Coding utility.

For more details, see:

https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/

Or the 1.4.11 release mail (no mail about 1.4.12, but identical to 1.4.11 +
a soname fix):

https://lists.gnu.org/archive/html/help-libtasn1/2017-05/msg00003.html

Remove 0001-configure-don-t-add-Werror-to-build-flags.patch and autoreconf
as that patch is now upstream.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

diff --git a/package/libtasn1/0001-configure-don-t-add-Werror-to-build-flags.patch b/package/libtasn1/0001-configure-don-t-add-Werror-to-build-flags.patch
deleted file mode 100644 (file)
index 387ba7a..0000000
--- a/package/libtasn1/0001-configure-don-t-add-Werror-to-build-flags.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From dd091c8af163213e12aa92f61bc4916e0f102633 Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav@redhat.com>
-Date: Tue, 26 Jul 2016 08:45:33 +0200
-Subject: [PATCH] configure: don't add -Werror to build flags
-
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
----
-Patch status: upstream
-
- configure.ac | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 7a14e04..066f5fe 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -70,8 +70,6 @@ AC_ARG_ENABLE([gcc-warnings],
- )
- 
- if test "$gl_gcc_warnings" = yes; then
--  gl_WARN_ADD([-Werror], [WERROR_CFLAGS])
--
-   nw="$nw -Wsystem-headers"         # Don't let system headers trigger warnings
-   nw="$nw -Wc++-compat"             # We don't care strongly about C++ compilers
-   nw="$nw -Wtraditional"            # Warns on #elif which we use often
--- 
-2.7.3
-

diff --git a/package/libtasn1/libtasn1.hash b/package/libtasn1/libtasn1.hash
index 5b2100e87d9089124edab36303ec479d4106f67d..699c14050a8a839551dee4f08ab2f60cff40c798 100644 (file)
--- a/package/libtasn1/libtasn1.hash
+++ b/package/libtasn1/libtasn1.hash
@@ -1,2 +1,2 @@
 # Locally calculated after checking pgp signature
-sha256 4f6f7a8fd691ac2b8307c8ca365bad711db607d4ad5966f6938a9d2ecd65c920        libtasn1-4.9.tar.gz
+sha256 6753da2e621257f33f5b051cc114d417e5206a0818fe0b1ecfd6153f70934753        libtasn1-4.12.tar.gz

diff --git a/package/libtasn1/libtasn1.mk b/package/libtasn1/libtasn1.mk
index 714c4f88e63582f1a47634758807834d107f4987..b34a3b63f018e61900b620aa3827412159ad9281 100644 (file)
--- a/package/libtasn1/libtasn1.mk
+++ b/package/libtasn1/libtasn1.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBTASN1_VERSION = 4.9
+LIBTASN1_VERSION = 4.12
 LIBTASN1_SITE = $(BR2_GNU_MIRROR)/libtasn1
 LIBTASN1_DEPENDENCIES = host-bison
 LIBTASN1_LICENSE = GPL-3.0+ (tests, tools), LGPL-2.1+ (library)
@@ -12,7 +12,5 @@ LIBTASN1_LICENSE_FILES = COPYING COPYING.LIB
 LIBTASN1_INSTALL_STAGING = YES
 # 'missing' fallback logic botched so disable it completely
 LIBTASN1_CONF_ENV = MAKEINFO="true"
-# For 0001-configure-don-t-add-Werror-to-build-flags.patch
-LIBTASN1_AUTORECONF = YES
 
 $(eval $(autotools-package))