From patchwork Thu Jun 25 21:40:11 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Fabrice Fontaine <fontaine.fabrice@gmail.com>
X-Patchwork-Id: 1317204
Return-Path: <buildroot-bounces@busybox.net>
X-Original-To: incoming-buildroot@patchwork.ozlabs.org
Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net
 (client-ip=140.211.166.133; helo=hemlock.osuosl.org;
 envelope-from=buildroot-bounces@busybox.net; receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
 dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256
 header.s=20161025 header.b=WEAx24Fr;
	dkim-atps=neutral
Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 49tD2Y2ZVjz9sRR
	for <incoming-buildroot@patchwork.ozlabs.org>;
 Fri, 26 Jun 2020 07:40:21 +1000 (AEST)
Received: from localhost (localhost [127.0.0.1])
	by hemlock.osuosl.org (Postfix) with ESMTP id 7FF5E888F8;
	Thu, 25 Jun 2020 21:40:16 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from hemlock.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id rzLwVpyrMIuj; Thu, 25 Jun 2020 21:40:15 +0000 (UTC)
Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34])
	by hemlock.osuosl.org (Postfix) with ESMTP id 21A8088888;
	Thu, 25 Jun 2020 21:40:15 +0000 (UTC)
X-Original-To: buildroot@lists.busybox.net
Delivered-To: buildroot@osuosl.org
Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])
 by ash.osuosl.org (Postfix) with ESMTP id 0E1231BF599
 for <buildroot@lists.busybox.net>; Thu, 25 Jun 2020 21:40:14 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by whitealder.osuosl.org (Postfix) with ESMTP id 0B03687F8B
 for <buildroot@lists.busybox.net>; Thu, 25 Jun 2020 21:40:14 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from whitealder.osuosl.org ([127.0.0.1])
 by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id S8jyMeSmeZW8 for <buildroot@lists.busybox.net>;
 Thu, 25 Jun 2020 21:40:13 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mail-wr1-f65.google.com (mail-wr1-f65.google.com
 [209.85.221.65])
 by whitealder.osuosl.org (Postfix) with ESMTPS id D37DD87F86
 for <buildroot@buildroot.org>; Thu, 25 Jun 2020 21:40:12 +0000 (UTC)
Received: by mail-wr1-f65.google.com with SMTP id k6so7405382wrn.3
 for <buildroot@buildroot.org>; Thu, 25 Jun 2020 14:40:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=PImqQi1z50aA9SZSbRJCIbO/EB9lPwIshC/jrtNN3fw=;
 b=WEAx24FrucuSTdeDgdtgrDwN5PxdkeJ9wLb+um+X7nGBnmHhiFmGXbnysrrOSBmu5i
 uiYd8ndnYSCiKtjpAW0Ot3sUL5SqPAaLsMdMvAF8ZHiPYpiOUoJqTK9u6erBvFLtBnYS
 7z4j/Fd4fnCgMesmFQlN4CTZKjxgr3/GPCQDe1z8VNUW5w7+Xu+HsxO+IxmtsKxvRpl2
 I41D1IDkTR9uQG9Ndtca5+zwckKkhd/k5ngpmIX7yQMSrCU8HMgnj3PaC0cfYPjrFvb4
 rVTNAYP2tUzzzBOJoRW6vlVrZVB4J0Sh+WVkIWQhi+zCq8zhTOKfOD/9QnfXNMgzptE1
 S80g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=PImqQi1z50aA9SZSbRJCIbO/EB9lPwIshC/jrtNN3fw=;
 b=tntCktB75SM+5ly64D1L05FkA7HDmuuwYprwb6SfMtRMUxSMLpmyOcsi4ux1OYzoE/
 wnDVuNwgOEuBK0Kt+2TRiqnB3MW8rKyVQ7wBHWkSaAXdb3BkD+QlbJKXJB+wDDDmqL5W
 dXonSW36hRCLCtgu/41oLLmDIT1YFKGULMVLvrjhNDgII88GnuDrzOD/vQi6yDJqeF1o
 LOrZ0TaJjKTo5IG1C7lM0BlbupB3645nf/A5Rh6Yu82icGyTMat5BCRP6EGXDnF/yLmG
 2PLA1DbgPwMQdqWDZX+O5OJ4lafVlI5eLeVAOIpwk4TjzDEJ6wG0W8RNHUyF1i6ZF3Uh
 aCww==
X-Gm-Message-State: AOAM533oJExPraOVxy3Np67YBfiEoW2Io7cRK0GR1Fn5UQJ/Nc3WFkdt
 j114oFz77Ybx+ct2w22M9x5GYoOy
X-Google-Smtp-Source: 
 ABdhPJxf8uH275h+1S+FdY7W+7w9xmZ6/uIPDP9Y6dUiU7xvwpHrogWpaABjJ8Kvag6ThUWCYjahgg==
X-Received: by 2002:a05:6000:341:: with SMTP id e1mr251000wre.1.1593121210815;
 Thu, 25 Jun 2020 14:40:10 -0700 (PDT)
Received: from kali.home
 (2a01cb0881b76d00c2afd0dfa851d2b9.ipv6.abo.wanadoo.fr.
 [2a01:cb08:81b7:6d00:c2af:d0df:a851:d2b9])
 by smtp.gmail.com with ESMTPSA id y17sm34860163wrd.58.2020.06.25.14.40.09
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 25 Jun 2020 14:40:09 -0700 (PDT)
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
To: buildroot@buildroot.org
Date: Thu, 25 Jun 2020 23:40:11 +0200
Message-Id: <20200625214011.1531565-1-fontaine.fabrice@gmail.com>
X-Mailer: git-send-email 2.26.2
MIME-Version: 1.0
Subject: [Buildroot] [PATCH 1/1] package/ngircd: security bump to version 26
X-BeenThere: buildroot@busybox.net
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.busybox.net>
List-Unsubscribe: <http://lists.busybox.net/mailman/options/buildroot>,
 <mailto:buildroot-request@busybox.net?subject=unsubscribe>
List-Archive: <http://lists.busybox.net/pipermail/buildroot/>
List-Post: <mailto:buildroot@busybox.net>
List-Help: <mailto:buildroot-request@busybox.net?subject=help>
List-Subscribe: <http://lists.busybox.net/mailman/listinfo/buildroot>,
 <mailto:buildroot-request@busybox.net?subject=subscribe>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

- Fix CVE-2020-14148: The Server-Server protocol implementation in
  ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated
  by the IRC_NJOIN() function.
- Fix a static build failure with openssl thanks to
  https://github.com/ngircd/ngircd/commit/ad86a41eeed9f85d74bb50a25fa0bf4515aaf3af
- Update indentation in hash file (two spaces)

Fixes:
 - http://autobuild.buildroot.org/results/078a7afc432786316a1d2ea03f96444ff741b942

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/ngircd/ngircd.hash | 4 ++--
 package/ngircd/ngircd.mk   | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package/ngircd/ngircd.hash b/package/ngircd/ngircd.hash
index 3772bd6c16..72874c8d49 100644
--- a/package/ngircd/ngircd.hash
+++ b/package/ngircd/ngircd.hash
@@ -1,3 +1,3 @@
 # Locally calculated after checking pgp signature
-sha256 c4997cae3e3dd6ff6a605ca274268f2b8c9ba0b1a96792c7402e5594222eee4e  ngircd-25.tar.xz
-sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
+sha256  56dcc6483058699fcdd8e54f5010eecee09824b93bad7ed5f18818e550d855c6  ngircd-26.tar.xz
+sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
diff --git a/package/ngircd/ngircd.mk b/package/ngircd/ngircd.mk
index 5fa86afdd5..4859a29c2f 100644
--- a/package/ngircd/ngircd.mk
+++ b/package/ngircd/ngircd.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-NGIRCD_VERSION = 25
+NGIRCD_VERSION = 26
 NGIRCD_SOURCE = ngircd-$(NGIRCD_VERSION).tar.xz
 NGIRCD_SITE = https://arthur.barton.de/pub/ngircd
 NGIRCD_LICENSE = GPL-2.0+
@@ -18,8 +18,8 @@ NGIRCD_CONF_OPTS += --without-pam
 endif
 
 ifeq ($(BR2_PACKAGE_OPENSSL),y)
-NGIRCD_CONF_OPTS += --with-openssl=$(STAGING_DIR)/usr
-NGIRCD_DEPENDENCIES += openssl
+NGIRCD_CONF_OPTS += --with-openssl
+NGIRCD_DEPENDENCIES += host-pkgconf openssl
 else
 NGIRCD_CONF_OPTS += --without-openssl
 ifeq ($(BR2_PACKAGE_GNUTLS),y)