* [PATCH 0/3] Gnutls update 4.2 V2
@ 2015-06-14 5:37 Armin Kuster
2015-06-14 5:37 ` [PATCH 1/3] nettle: update package to 3.1.1 version Armin Kuster
` (2 more replies)
0 siblings, 3 replies; 8+ messages in thread
From: Armin Kuster @ 2015-06-14 5:37 UTC (permalink / raw)
To: openembedded-core
The nettle and gnutls updates must be done as a pair.
Include neon build fixes for the above update
The following changes since commit 1675ff6fff53dda89fa8d4f3a2c292c23fd346d7:
bitbake: tests/data: Add new data tests (2015-06-12 00:02:28 +0100)
are available in the git repository at:
git://git.yoctoproject.org/poky-contrib akuster/gnutls-update
http://git.yoctoproject.org/cgit.cgi//log/?h=akuster/gnutls-update
Armin Kuster (3):
nettle: update package to 3.1.1 version.
gnutls: update to 3.4.1
neon: fix compat issues with gnutls 4.3
meta/recipes-support/gnutls/gnutls.inc | 3 +-
.../gnutls/configure.ac-fix-sed-command.patch | 29 +++++----
meta/recipes-support/gnutls/gnutls_3.3.14.bb | 8 ---
meta/recipes-support/gnutls/gnutls_3.4.1.bb | 8 +++
.../neon/neon/gnutls_4.3_fixup.patch | 68 ++++++++++++++++++++++
meta/recipes-support/neon/neon_0.30.1.bb | 3 +-
.../nettle/{nettle_2.7.1.bb => nettle_3.1.1.bb} | 12 ++--
7 files changed, 99 insertions(+), 32 deletions(-)
delete mode 100644 meta/recipes-support/gnutls/gnutls_3.3.14.bb
create mode 100644 meta/recipes-support/gnutls/gnutls_3.4.1.bb
create mode 100644 meta/recipes-support/neon/neon/gnutls_4.3_fixup.patch
rename meta/recipes-support/nettle/{nettle_2.7.1.bb => nettle_3.1.1.bb} (48%)
--
2.3.5
^ permalink raw reply [flat|nested] 8+ messages in thread* [PATCH 1/3] nettle: update package to 3.1.1 version. 2015-06-14 5:37 [PATCH 0/3] Gnutls update 4.2 V2 Armin Kuster @ 2015-06-14 5:37 ` Armin Kuster 2015-06-14 5:37 ` [PATCH 2/3] gnutls: update to 3.4.1 Armin Kuster 2015-06-14 5:37 ` [PATCH 3/3] neon: fix compat issues with gnutls 4.3 Armin Kuster 2 siblings, 0 replies; 8+ messages in thread From: Armin Kuster @ 2015-06-14 5:37 UTC (permalink / raw) To: openembedded-core this requires the gnutls 3.4.1 update or the current gnutils build will break. Signed-off-by: Armin Kuster <akuster808@gmail.com> --- .../nettle/{nettle_2.7.1.bb => nettle_3.1.1.bb} | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) rename meta/recipes-support/nettle/{nettle_2.7.1.bb => nettle_3.1.1.bb} (48%) diff --git a/meta/recipes-support/nettle/nettle_2.7.1.bb b/meta/recipes-support/nettle/nettle_3.1.1.bb similarity index 48% rename from meta/recipes-support/nettle/nettle_2.7.1.bb rename to meta/recipes-support/nettle/nettle_3.1.1.bb index f53afcc..ce5e756 100644 --- a/meta/recipes-support/nettle/nettle_2.7.1.bb +++ b/meta/recipes-support/nettle/nettle_3.1.1.bb @@ -1,17 +1,17 @@ SUMMARY = "A low level cryptographic library" HOMEPAGE = "http://www.lysator.liu.se/~nisse/nettle/" SECTION = "libs" -LICENSE = "LGPLv2.1 & GPLv2" -LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1 \ - file://serpent-decrypt.c;beginline=53;endline=67;md5=bcfd4745d53ca57f82907089898e390d \ - file://serpent-set-key.c;beginline=56;endline=70;md5=bcfd4745d53ca57f82907089898e390d" +LICENSE = "GPLv2+ & GPLv3 & LGPLv3+" +LIC_FILES_CHKSUM = "file://COPYINGv2;beginline=1;endline=2;md5=c70d8d3310941dcdfcd1e02800a1f548 \ + file://COPYINGv3;beginline=1;endline=2;md5=d1c727712ceba52db52e0ee449cadf43 \ + file://COPYING.LESSERv3;beginline=1;endline=2;md5=ff44a06d461487fb65f84ad672a1d1c8" DEPENDS += "gmp" SRC_URI = "http://www.lysator.liu.se/~nisse/archive/${BP}.tar.gz" -SRC_URI[md5sum] = "003d5147911317931dd453520eb234a5" -SRC_URI[sha256sum] = "bc71ebd43435537d767799e414fce88e521b7278d48c860651216e1fc6555b40" +SRC_URI[md5sum] = "b40fa88dc32f37a182b6b42092ebb144" +SRC_URI[sha256sum] = "5fd4d25d64d8ddcb85d0d897572af73b05b4d163c6cc49438a5bfbb8ff293d4c" EXTRA_OECONF = "--disable-openssl" -- 2.3.5 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH 2/3] gnutls: update to 3.4.1 2015-06-14 5:37 [PATCH 0/3] Gnutls update 4.2 V2 Armin Kuster 2015-06-14 5:37 ` [PATCH 1/3] nettle: update package to 3.1.1 version Armin Kuster @ 2015-06-14 5:37 ` Armin Kuster 2015-06-15 10:13 ` Burton, Ross 2015-06-14 5:37 ` [PATCH 3/3] neon: fix compat issues with gnutls 4.3 Armin Kuster 2 siblings, 1 reply; 8+ messages in thread From: Armin Kuster @ 2015-06-14 5:37 UTC (permalink / raw) To: openembedded-core This version supports the nettle 3.x and higher and requires that version. this include a security fix: GNUTLS-SA-2015-2 no CVE assigned to date. enable openssl compat via PACKAGECONFIG as iputils needs gnutls/openssl.h for migration info: http://www.gnutls.org/manual/gnutls.html#Upgrading-from-previous-versions Signed-off-by: Armin Kuster <akuster808@gmail.com> --- meta/recipes-support/gnutls/gnutls.inc | 3 ++- .../gnutls/configure.ac-fix-sed-command.patch | 29 ++++++++++------------ meta/recipes-support/gnutls/gnutls_3.3.14.bb | 8 ------ meta/recipes-support/gnutls/gnutls_3.4.1.bb | 8 ++++++ 4 files changed, 23 insertions(+), 25 deletions(-) delete mode 100644 meta/recipes-support/gnutls/gnutls_3.3.14.bb create mode 100644 meta/recipes-support/gnutls/gnutls_3.4.1.bb diff --git a/meta/recipes-support/gnutls/gnutls.inc b/meta/recipes-support/gnutls/gnutls.inc index e9b138a..6928cb9 100644 --- a/meta/recipes-support/gnutls/gnutls.inc +++ b/meta/recipes-support/gnutls/gnutls.inc @@ -34,9 +34,10 @@ do_configure_prepend() { done } -PACKAGECONFIG ??= "zlib" +PACKAGECONFIG ??= "zlib openssl_compat" PACKAGECONFIG[tpm] = "--with-tpm, --without-tpm, trousers" PACKAGECONFIG[zlib] = "--with-zlib, --without-zlib, zlib" +PACKAGECONFIG[openssl_compat] = "--enable-openssl-compatibility,," PACKAGES =+ "${PN}-openssl ${PN}-xx" diff --git a/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch b/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch index 44a9934..342143f 100644 --- a/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch +++ b/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch @@ -13,19 +13,16 @@ Signed-off-by: Robert Yang <liezhi.yang@windriver.com> configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/configure.ac b/configure.ac -index c6818a0..1c4582d 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -466,7 +466,7 @@ if test "$NEED_LIBOPTS_DIR" = "true";then - dnl replace libopts-generated files with distributed backups, if present - missing_baks= - for i in ${srcdir}/src/*-args.c.bak ${srcdir}/src/*-args.h.bak; do -- nam=`echo $i|sed 's/.bak//g'` -+ nam=`echo $i|sed 's/\.bak$//'` - if test -f $i;then - cp -f $i $nam - else --- -2.0.1 - +Index: gnutls-3.4.1/configure.ac +=================================================================== +--- gnutls-3.4.1.orig/configure.ac ++++ gnutls-3.4.1/configure.ac +@@ -530,7 +530,7 @@ if test "$enable_tools" != "no" || test + dnl replace libopts-generated files with distributed backups, if present + missing_baks= + for i in ${srcdir}/src/*-args.c.bak ${srcdir}/src/*-args.h.bak; do +- nam=`echo $i|sed 's/.bak//g'` ++ nam=`echo $i|sed 's/\.bak$//'` + if test -f $i;then + cp -f $i $nam + else diff --git a/meta/recipes-support/gnutls/gnutls_3.3.14.bb b/meta/recipes-support/gnutls/gnutls_3.3.14.bb deleted file mode 100644 index f41d183..0000000 --- a/meta/recipes-support/gnutls/gnutls_3.3.14.bb +++ /dev/null @@ -1,8 +0,0 @@ -require gnutls.inc - -SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \ - file://configure.ac-fix-sed-command.patch \ - file://use-pkg-config-to-locate-zlib.patch \ - " -SRC_URI[md5sum] = "7f4465f8c564cf9cb8f5cb38b909f7ca" -SRC_URI[sha256sum] = "0dfa0030faad8909c1e904105198232d6bc0123cae8cf4933b2bac85ee7cec52" diff --git a/meta/recipes-support/gnutls/gnutls_3.4.1.bb b/meta/recipes-support/gnutls/gnutls_3.4.1.bb new file mode 100644 index 0000000..1b64813 --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls_3.4.1.bb @@ -0,0 +1,8 @@ +require gnutls.inc + +SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \ + file://configure.ac-fix-sed-command.patch \ + file://use-pkg-config-to-locate-zlib.patch \ + " +SRC_URI[md5sum] = "2d04f34fa25b45f9dcb9104c0394e12e" +SRC_URI[sha256sum] = "e9b5f58becf34756464216056cd5abbf04315eda80a374d02699dee83f80b12e" -- 2.3.5 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH 2/3] gnutls: update to 3.4.1 2015-06-14 5:37 ` [PATCH 2/3] gnutls: update to 3.4.1 Armin Kuster @ 2015-06-15 10:13 ` Burton, Ross 2015-06-15 23:18 ` akuster808 2015-06-18 15:57 ` akuster808 0 siblings, 2 replies; 8+ messages in thread From: Burton, Ross @ 2015-06-15 10:13 UTC (permalink / raw) To: Armin Kuster; +Cc: OE-core [-- Attachment #1: Type: text/plain, Size: 5409 bytes --] So this happens: WARNING: QA Issue: gnutls-openssl rdepends on libidn, but it isn't a build dependency? [build-deps] WARNING: QA Issue: gnutls-xx rdepends on libidn, but it isn't a build dependency? [build-deps] WARNING: QA Issue: gnutls-dev rdepends on libidn, but it isn't a build dependency? [build-deps] WARNING: QA Issue: gnutls-bin rdepends on libidn, but it isn't a build dependency? [build-deps] WARNING: QA Issue: gnutls rdepends on libidn, but it isn't a build dependency? [build-deps] Ross On 14 June 2015 at 06:37, Armin Kuster <akuster808@gmail.com> wrote: > This version supports the nettle 3.x and higher and requires that version. > > this include a security fix: > GNUTLS-SA-2015-2 > no CVE assigned to date. > > enable openssl compat via PACKAGECONFIG as iputils needs gnutls/openssl.h > > for migration info: > http://www.gnutls.org/manual/gnutls.html#Upgrading-from-previous-versions > > Signed-off-by: Armin Kuster <akuster808@gmail.com> > --- > meta/recipes-support/gnutls/gnutls.inc | 3 ++- > .../gnutls/configure.ac-fix-sed-command.patch | 29 > ++++++++++------------ > meta/recipes-support/gnutls/gnutls_3.3.14.bb | 8 ------ > meta/recipes-support/gnutls/gnutls_3.4.1.bb | 8 ++++++ > 4 files changed, 23 insertions(+), 25 deletions(-) > delete mode 100644 meta/recipes-support/gnutls/gnutls_3.3.14.bb > create mode 100644 meta/recipes-support/gnutls/gnutls_3.4.1.bb > > diff --git a/meta/recipes-support/gnutls/gnutls.inc > b/meta/recipes-support/gnutls/gnutls.inc > index e9b138a..6928cb9 100644 > --- a/meta/recipes-support/gnutls/gnutls.inc > +++ b/meta/recipes-support/gnutls/gnutls.inc > @@ -34,9 +34,10 @@ do_configure_prepend() { > done > } > > -PACKAGECONFIG ??= "zlib" > +PACKAGECONFIG ??= "zlib openssl_compat" > PACKAGECONFIG[tpm] = "--with-tpm, --without-tpm, trousers" > PACKAGECONFIG[zlib] = "--with-zlib, --without-zlib, zlib" > +PACKAGECONFIG[openssl_compat] = "--enable-openssl-compatibility,," > > PACKAGES =+ "${PN}-openssl ${PN}-xx" > > diff --git > a/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch > b/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch > index 44a9934..342143f 100644 > --- a/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch > +++ b/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch > @@ -13,19 +13,16 @@ Signed-off-by: Robert Yang <liezhi.yang@windriver.com> > configure.ac | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > -diff --git a/configure.ac b/configure.ac > -index c6818a0..1c4582d 100644 > ---- a/configure.ac > -+++ b/configure.ac > -@@ -466,7 +466,7 @@ if test "$NEED_LIBOPTS_DIR" = "true";then > - dnl replace libopts-generated files with distributed backups, if > present > - missing_baks= > - for i in ${srcdir}/src/*-args.c.bak ${srcdir}/src/*-args.h.bak; do > -- nam=`echo $i|sed 's/.bak//g'` > -+ nam=`echo $i|sed 's/\.bak$//'` > - if test -f $i;then > - cp -f $i $nam > - else > --- > -2.0.1 > - > +Index: gnutls-3.4.1/configure.ac > +=================================================================== > +--- gnutls-3.4.1.orig/configure.ac > ++++ gnutls-3.4.1/configure.ac > +@@ -530,7 +530,7 @@ if test "$enable_tools" != "no" || test > + dnl replace libopts-generated files with distributed > backups, if present > + missing_baks= > + for i in ${srcdir}/src/*-args.c.bak > ${srcdir}/src/*-args.h.bak; do > +- nam=`echo $i|sed 's/.bak//g'` > ++ nam=`echo $i|sed 's/\.bak$//'` > + if test -f $i;then > + cp -f $i $nam > + else > diff --git a/meta/recipes-support/gnutls/gnutls_3.3.14.bb > b/meta/recipes-support/gnutls/gnutls_3.3.14.bb > deleted file mode 100644 > index f41d183..0000000 > --- a/meta/recipes-support/gnutls/gnutls_3.3.14.bb > +++ /dev/null > @@ -1,8 +0,0 @@ > -require gnutls.inc > - > -SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \ > - file://configure.ac-fix-sed-command.patch \ > - file://use-pkg-config-to-locate-zlib.patch \ > - " > -SRC_URI[md5sum] = "7f4465f8c564cf9cb8f5cb38b909f7ca" > -SRC_URI[sha256sum] = > "0dfa0030faad8909c1e904105198232d6bc0123cae8cf4933b2bac85ee7cec52" > diff --git a/meta/recipes-support/gnutls/gnutls_3.4.1.bb > b/meta/recipes-support/gnutls/gnutls_3.4.1.bb > new file mode 100644 > index 0000000..1b64813 > --- /dev/null > +++ b/meta/recipes-support/gnutls/gnutls_3.4.1.bb > @@ -0,0 +1,8 @@ > +require gnutls.inc > + > +SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \ > + file://configure.ac-fix-sed-command.patch \ > + file://use-pkg-config-to-locate-zlib.patch \ > + " > +SRC_URI[md5sum] = "2d04f34fa25b45f9dcb9104c0394e12e" > +SRC_URI[sha256sum] = > "e9b5f58becf34756464216056cd5abbf04315eda80a374d02699dee83f80b12e" > -- > 2.3.5 > > -- > _______________________________________________ > Openembedded-core mailing list > Openembedded-core@lists.openembedded.org > http://lists.openembedded.org/mailman/listinfo/openembedded-core > [-- Attachment #2: Type: text/html, Size: 8100 bytes --] ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 2/3] gnutls: update to 3.4.1 2015-06-15 10:13 ` Burton, Ross @ 2015-06-15 23:18 ` akuster808 2015-06-18 15:57 ` akuster808 1 sibling, 0 replies; 8+ messages in thread From: akuster808 @ 2015-06-15 23:18 UTC (permalink / raw) To: Burton, Ross; +Cc: OE-core On 06/15/2015 03:13 AM, Burton, Ross wrote: > So this happens: > > WARNING: QA Issue: gnutls-openssl rdepends on libidn, but it isn't a > build dependency? [build-deps] > WARNING: QA Issue: gnutls-xx rdepends on libidn, but it isn't a build > dependency? [build-deps] > WARNING: QA Issue: gnutls-dev rdepends on libidn, but it isn't a build > dependency? [build-deps] > WARNING: QA Issue: gnutls-bin rdepends on libidn, but it isn't a build > dependency? [build-deps] > WARNING: QA Issue: gnutls rdepends on libidn, but it isn't a build > dependency? [build-deps] Well that is a bummer. I have not seen those otherwise I would have not submitted the request. Thanks for the feedback. - armin > > Ross > > On 14 June 2015 at 06:37, Armin Kuster <akuster808@gmail.com > <mailto:akuster808@gmail.com>> wrote: > > This version supports the nettle 3.x and higher and requires that > version. > > this include a security fix: > GNUTLS-SA-2015-2 > no CVE assigned to date. > > enable openssl compat via PACKAGECONFIG as iputils needs > gnutls/openssl.h > > for migration info: > http://www.gnutls.org/manual/gnutls.html#Upgrading-from-previous-versions > > Signed-off-by: Armin Kuster <akuster808@gmail.com > <mailto:akuster808@gmail.com>> > --- > meta/recipes-support/gnutls/gnutls.inc | 3 ++- > .../gnutls/configure.ac-fix-sed-command.patch | 29 > ++++++++++------------ > meta/recipes-support/gnutls/gnutls_3.3.14.bb > <http://gnutls_3.3.14.bb> | 8 ------ > meta/recipes-support/gnutls/gnutls_3.4.1.bb > <http://gnutls_3.4.1.bb> | 8 ++++++ > 4 files changed, 23 insertions(+), 25 deletions(-) > delete mode 100644 meta/recipes-support/gnutls/gnutls_3.3.14.bb > <http://gnutls_3.3.14.bb> > create mode 100644 meta/recipes-support/gnutls/gnutls_3.4.1.bb > <http://gnutls_3.4.1.bb> > > diff --git a/meta/recipes-support/gnutls/gnutls.inc > b/meta/recipes-support/gnutls/gnutls.inc > index e9b138a..6928cb9 100644 > --- a/meta/recipes-support/gnutls/gnutls.inc > +++ b/meta/recipes-support/gnutls/gnutls.inc > @@ -34,9 +34,10 @@ do_configure_prepend() { > done > } > > -PACKAGECONFIG ??= "zlib" > +PACKAGECONFIG ??= "zlib openssl_compat" > PACKAGECONFIG[tpm] = "--with-tpm, --without-tpm, trousers" > PACKAGECONFIG[zlib] = "--with-zlib, --without-zlib, zlib" > +PACKAGECONFIG[openssl_compat] = "--enable-openssl-compatibility,," > > PACKAGES =+ "${PN}-openssl ${PN}-xx" > > diff --git > a/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch > b/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch > index 44a9934..342143f 100644 > --- > a/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch > +++ > b/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch > @@ -13,19 +13,16 @@ Signed-off-by: Robert Yang > <liezhi.yang@windriver.com <mailto:liezhi.yang@windriver.com>> > configure.ac <http://configure.ac> | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > -diff --git a/configure.ac <http://configure.ac> b/configure.ac > <http://configure.ac> > -index c6818a0..1c4582d 100644 > ---- a/configure.ac <http://configure.ac> > -+++ b/configure.ac <http://configure.ac> > -@@ -466,7 +466,7 @@ if test "$NEED_LIBOPTS_DIR" = "true";then > - dnl replace libopts-generated files with distributed > backups, if present > - missing_baks= > - for i in ${srcdir}/src/*-args.c.bak > ${srcdir}/src/*-args.h.bak; do > -- nam=`echo $i|sed 's/.bak//g'` > -+ nam=`echo $i|sed 's/\.bak$//'` > - if test -f $i;then > - cp -f $i $nam > - else > --- > -2.0.1 > - > +Index: gnutls-3.4.1/configure.ac <http://configure.ac> > +=================================================================== > +--- gnutls-3.4.1.orig/configure.ac <http://configure.ac> > ++++ gnutls-3.4.1/configure.ac <http://configure.ac> > +@@ -530,7 +530,7 @@ if test "$enable_tools" != "no" || test > + dnl replace libopts-generated files with distributed > backups, if present > + missing_baks= > + for i in ${srcdir}/src/*-args.c.bak > ${srcdir}/src/*-args.h.bak; do > +- nam=`echo $i|sed 's/.bak//g'` > ++ nam=`echo $i|sed 's/\.bak$//'` > + if test -f $i;then > + cp -f $i $nam > + else > diff --git a/meta/recipes-support/gnutls/gnutls_3.3.14.bb > <http://gnutls_3.3.14.bb> > b/meta/recipes-support/gnutls/gnutls_3.3.14.bb <http://gnutls_3.3.14.bb> > deleted file mode 100644 > index f41d183..0000000 > --- a/meta/recipes-support/gnutls/gnutls_3.3.14.bb > <http://gnutls_3.3.14.bb> > +++ /dev/null > @@ -1,8 +0,0 @@ > -require gnutls.inc > - > -SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \ > - file://configure.ac-fix-sed-command.patch \ > - file://use-pkg-config-to-locate-zlib.patch \ > - " > -SRC_URI[md5sum] = "7f4465f8c564cf9cb8f5cb38b909f7ca" > -SRC_URI[sha256sum] = > "0dfa0030faad8909c1e904105198232d6bc0123cae8cf4933b2bac85ee7cec52" > diff --git a/meta/recipes-support/gnutls/gnutls_3.4.1.bb > <http://gnutls_3.4.1.bb> > b/meta/recipes-support/gnutls/gnutls_3.4.1.bb <http://gnutls_3.4.1.bb> > new file mode 100644 > index 0000000..1b64813 > --- /dev/null > +++ b/meta/recipes-support/gnutls/gnutls_3.4.1.bb > <http://gnutls_3.4.1.bb> > @@ -0,0 +1,8 @@ > +require gnutls.inc > + > +SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \ > + file://configure.ac-fix-sed-command.patch \ > + file://use-pkg-config-to-locate-zlib.patch \ > + " > +SRC_URI[md5sum] = "2d04f34fa25b45f9dcb9104c0394e12e" > +SRC_URI[sha256sum] = > "e9b5f58becf34756464216056cd5abbf04315eda80a374d02699dee83f80b12e" > -- > 2.3.5 > > -- > _______________________________________________ > Openembedded-core mailing list > Openembedded-core@lists.openembedded.org > <mailto:Openembedded-core@lists.openembedded.org> > http://lists.openembedded.org/mailman/listinfo/openembedded-core > > ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 2/3] gnutls: update to 3.4.1 2015-06-15 10:13 ` Burton, Ross 2015-06-15 23:18 ` akuster808 @ 2015-06-18 15:57 ` akuster808 2015-06-19 9:03 ` Burton, Ross 1 sibling, 1 reply; 8+ messages in thread From: akuster808 @ 2015-06-18 15:57 UTC (permalink / raw) To: Burton, Ross; +Cc: OE-core Ross, I could not reproduce these warnings but found a configure option to build without libidn so I added that in my last submit. Thanks again, kind regards, Armin On 06/15/2015 03:13 AM, Burton, Ross wrote: > So this happens: > > WARNING: QA Issue: gnutls-openssl rdepends on libidn, but it isn't a > build dependency? [build-deps] > WARNING: QA Issue: gnutls-xx rdepends on libidn, but it isn't a build > dependency? [build-deps] > WARNING: QA Issue: gnutls-dev rdepends on libidn, but it isn't a build > dependency? [build-deps] > WARNING: QA Issue: gnutls-bin rdepends on libidn, but it isn't a build > dependency? [build-deps] > WARNING: QA Issue: gnutls rdepends on libidn, but it isn't a build > dependency? [build-deps] > > Ross > > On 14 June 2015 at 06:37, Armin Kuster <akuster808@gmail.com > <mailto:akuster808@gmail.com>> wrote: > > This version supports the nettle 3.x and higher and requires that > version. > > this include a security fix: > GNUTLS-SA-2015-2 > no CVE assigned to date. > > enable openssl compat via PACKAGECONFIG as iputils needs > gnutls/openssl.h > > for migration info: > http://www.gnutls.org/manual/gnutls.html#Upgrading-from-previous-versions > > Signed-off-by: Armin Kuster <akuster808@gmail.com > <mailto:akuster808@gmail.com>> > --- > meta/recipes-support/gnutls/gnutls.inc | 3 ++- > .../gnutls/configure.ac-fix-sed-command.patch | 29 > ++++++++++------------ > meta/recipes-support/gnutls/gnutls_3.3.14.bb > <http://gnutls_3.3.14.bb> | 8 ------ > meta/recipes-support/gnutls/gnutls_3.4.1.bb > <http://gnutls_3.4.1.bb> | 8 ++++++ > 4 files changed, 23 insertions(+), 25 deletions(-) > delete mode 100644 meta/recipes-support/gnutls/gnutls_3.3.14.bb > <http://gnutls_3.3.14.bb> > create mode 100644 meta/recipes-support/gnutls/gnutls_3.4.1.bb > <http://gnutls_3.4.1.bb> > > diff --git a/meta/recipes-support/gnutls/gnutls.inc > b/meta/recipes-support/gnutls/gnutls.inc > index e9b138a..6928cb9 100644 > --- a/meta/recipes-support/gnutls/gnutls.inc > +++ b/meta/recipes-support/gnutls/gnutls.inc > @@ -34,9 +34,10 @@ do_configure_prepend() { > done > } > > -PACKAGECONFIG ??= "zlib" > +PACKAGECONFIG ??= "zlib openssl_compat" > PACKAGECONFIG[tpm] = "--with-tpm, --without-tpm, trousers" > PACKAGECONFIG[zlib] = "--with-zlib, --without-zlib, zlib" > +PACKAGECONFIG[openssl_compat] = "--enable-openssl-compatibility,," > > PACKAGES =+ "${PN}-openssl ${PN}-xx" > > diff --git > a/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch > b/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch > index 44a9934..342143f 100644 > --- > a/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch > +++ > b/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch > @@ -13,19 +13,16 @@ Signed-off-by: Robert Yang > <liezhi.yang@windriver.com <mailto:liezhi.yang@windriver.com>> > configure.ac <http://configure.ac> | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > -diff --git a/configure.ac <http://configure.ac> b/configure.ac > <http://configure.ac> > -index c6818a0..1c4582d 100644 > ---- a/configure.ac <http://configure.ac> > -+++ b/configure.ac <http://configure.ac> > -@@ -466,7 +466,7 @@ if test "$NEED_LIBOPTS_DIR" = "true";then > - dnl replace libopts-generated files with distributed > backups, if present > - missing_baks= > - for i in ${srcdir}/src/*-args.c.bak > ${srcdir}/src/*-args.h.bak; do > -- nam=`echo $i|sed 's/.bak//g'` > -+ nam=`echo $i|sed 's/\.bak$//'` > - if test -f $i;then > - cp -f $i $nam > - else > --- > -2.0.1 > - > +Index: gnutls-3.4.1/configure.ac <http://configure.ac> > +=================================================================== > +--- gnutls-3.4.1.orig/configure.ac <http://configure.ac> > ++++ gnutls-3.4.1/configure.ac <http://configure.ac> > +@@ -530,7 +530,7 @@ if test "$enable_tools" != "no" || test > + dnl replace libopts-generated files with distributed > backups, if present > + missing_baks= > + for i in ${srcdir}/src/*-args.c.bak > ${srcdir}/src/*-args.h.bak; do > +- nam=`echo $i|sed 's/.bak//g'` > ++ nam=`echo $i|sed 's/\.bak$//'` > + if test -f $i;then > + cp -f $i $nam > + else > diff --git a/meta/recipes-support/gnutls/gnutls_3.3.14.bb > <http://gnutls_3.3.14.bb> > b/meta/recipes-support/gnutls/gnutls_3.3.14.bb <http://gnutls_3.3.14.bb> > deleted file mode 100644 > index f41d183..0000000 > --- a/meta/recipes-support/gnutls/gnutls_3.3.14.bb > <http://gnutls_3.3.14.bb> > +++ /dev/null > @@ -1,8 +0,0 @@ > -require gnutls.inc > - > -SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \ > - file://configure.ac-fix-sed-command.patch \ > - file://use-pkg-config-to-locate-zlib.patch \ > - " > -SRC_URI[md5sum] = "7f4465f8c564cf9cb8f5cb38b909f7ca" > -SRC_URI[sha256sum] = > "0dfa0030faad8909c1e904105198232d6bc0123cae8cf4933b2bac85ee7cec52" > diff --git a/meta/recipes-support/gnutls/gnutls_3.4.1.bb > <http://gnutls_3.4.1.bb> > b/meta/recipes-support/gnutls/gnutls_3.4.1.bb <http://gnutls_3.4.1.bb> > new file mode 100644 > index 0000000..1b64813 > --- /dev/null > +++ b/meta/recipes-support/gnutls/gnutls_3.4.1.bb > <http://gnutls_3.4.1.bb> > @@ -0,0 +1,8 @@ > +require gnutls.inc > + > +SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \ > + file://configure.ac-fix-sed-command.patch \ > + file://use-pkg-config-to-locate-zlib.patch \ > + " > +SRC_URI[md5sum] = "2d04f34fa25b45f9dcb9104c0394e12e" > +SRC_URI[sha256sum] = > "e9b5f58becf34756464216056cd5abbf04315eda80a374d02699dee83f80b12e" > -- > 2.3.5 > > -- > _______________________________________________ > Openembedded-core mailing list > Openembedded-core@lists.openembedded.org > <mailto:Openembedded-core@lists.openembedded.org> > http://lists.openembedded.org/mailman/listinfo/openembedded-core > > ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 2/3] gnutls: update to 3.4.1 2015-06-18 15:57 ` akuster808 @ 2015-06-19 9:03 ` Burton, Ross 0 siblings, 0 replies; 8+ messages in thread From: Burton, Ross @ 2015-06-19 9:03 UTC (permalink / raw) To: akuster808; +Cc: OE-core [-- Attachment #1: Type: text/plain, Size: 308 bytes --] On 18 June 2015 at 16:57, akuster808 <akuster808@gmail.com> wrote: > I could not reproduce these warnings but found a configure option to > build without libidn so I added that in my last submit. > It would be a simple: $ bitbake libidn $ bitbake gnutls -ccleansstate $ bitbake gnutls Ross [-- Attachment #2: Type: text/html, Size: 811 bytes --] ^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH 3/3] neon: fix compat issues with gnutls 4.3 2015-06-14 5:37 [PATCH 0/3] Gnutls update 4.2 V2 Armin Kuster 2015-06-14 5:37 ` [PATCH 1/3] nettle: update package to 3.1.1 version Armin Kuster 2015-06-14 5:37 ` [PATCH 2/3] gnutls: update to 3.4.1 Armin Kuster @ 2015-06-14 5:37 ` Armin Kuster 2 siblings, 0 replies; 8+ messages in thread From: Armin Kuster @ 2015-06-14 5:37 UTC (permalink / raw) To: openembedded-core V2: fix missing 4.3 work around Signed-off-by: Armin Kuster <akuster808@gmail.com> --- .../neon/neon/gnutls_4.3_fixup.patch | 68 ++++++++++++++++++++++ meta/recipes-support/neon/neon_0.30.1.bb | 3 +- 2 files changed, 70 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-support/neon/neon/gnutls_4.3_fixup.patch diff --git a/meta/recipes-support/neon/neon/gnutls_4.3_fixup.patch b/meta/recipes-support/neon/neon/gnutls_4.3_fixup.patch new file mode 100644 index 0000000..a76560a --- /dev/null +++ b/meta/recipes-support/neon/neon/gnutls_4.3_fixup.patch @@ -0,0 +1,68 @@ +replace deprecated GnuTLS functions with newer ones if available + +Upstream Status: Pending + +Signed-off-by: Armin Kuster <akuster808@gmail.com> + +Index: neon-0.30.1/macros/neon.m4 +=================================================================== +--- neon-0.30.1.orig/macros/neon.m4 ++++ neon-0.30.1/macros/neon.m4 +@@ -987,6 +987,10 @@ gnutls) + gnutls_certificate_get_x509_cas \ + gnutls_x509_crt_sign2]) + ++ # gnutls 4.3 check ++ AC_CHECK_LIB(gnutls, gnutls_global_init) ++ AC_CHECK_FUNCS(gnutls_certificate_set_retrieve_function,,) ++ + # fail if gnutls_x509_crt_sign2 is not found (it was introduced in 1.2.0, which is required) + if test x${ac_cv_func_gnutls_x509_crt_sign2} != xyes; then + AC_MSG_ERROR([GnuTLS version predates gnutls_x509_crt_sign2, newer version required (at least 1.2.0)]) +Index: neon-0.30.1/src/ne_gnutls.c +=================================================================== +--- neon-0.30.1.orig/src/ne_gnutls.c ++++ neon-0.30.1/src/ne_gnutls.c +@@ -553,7 +553,13 @@ dup_error: + static int provide_client_cert(gnutls_session_t session, + const gnutls_datum_t *req_ca_rdn, int nreqs, + const gnutls_pk_algorithm_t *sign_algos, +- int sign_algos_length, gnutls_retr_st *st) ++ int sign_algos_length, ++#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION ++ gnutls_retr2_st* st ++#else ++ gnutls_retr_st *st ++#endif ++ ) + { + ne_session *sess = gnutls_session_get_ptr(session); + +@@ -617,8 +623,11 @@ static int provide_client_cert(gnutls_se + #endif + ) { + NE_DEBUG(NE_DBG_SSL, "Supplying client certificate.\n"); +- ++#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION ++ st->cert_type = type; ++#else + st->type = type; ++#endif + st->ncerts = 1; + st->cert.x509 = &sess->client_cert->cert.subject; + st->key.x509 = sess->client_cert->pkey; +@@ -649,8 +658,14 @@ ne_ssl_context *ne_ssl_context_create(in + ne_ssl_context *ctx = ne_calloc(sizeof *ctx); + gnutls_certificate_allocate_credentials(&ctx->cred); + if (flags == NE_SSL_CTX_CLIENT) { ++ ++#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION ++ gnutls_certificate_set_retrieve_function(ctx->cred, ++ provide_client_cert); ++#else + gnutls_certificate_client_set_retrieve_function(ctx->cred, + provide_client_cert); ++#endif + } + gnutls_certificate_set_verify_flags(ctx->cred, + GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); diff --git a/meta/recipes-support/neon/neon_0.30.1.bb b/meta/recipes-support/neon/neon_0.30.1.bb index fd170bc..0244314 100644 --- a/meta/recipes-support/neon/neon_0.30.1.bb +++ b/meta/recipes-support/neon/neon_0.30.1.bb @@ -10,7 +10,8 @@ DEPENDS_class-native = "zlib-native libxml2-native expat-native gnutls-native" BBCLASSEXTEND = "native" SRC_URI = "http://www.webdav.org/${BPN}/${BPN}-${PV}.tar.gz \ - file://pkgconfig.patch" + file://pkgconfig.patch \ + file://gnutls_4.3_fixup.patch" SRC_URI[md5sum] = "231adebe5c2f78fded3e3df6e958878e" SRC_URI[sha256sum] = "00c626c0dc18d094ab374dbd9a354915bfe4776433289386ed489c2ec0845cdd" -- 2.3.5 ^ permalink raw reply related [flat|nested] 8+ messages in thread
end of thread, other threads:[~2015-06-19 9:03 UTC | newest] Thread overview: 8+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2015-06-14 5:37 [PATCH 0/3] Gnutls update 4.2 V2 Armin Kuster 2015-06-14 5:37 ` [PATCH 1/3] nettle: update package to 3.1.1 version Armin Kuster 2015-06-14 5:37 ` [PATCH 2/3] gnutls: update to 3.4.1 Armin Kuster 2015-06-15 10:13 ` Burton, Ross 2015-06-15 23:18 ` akuster808 2015-06-18 15:57 ` akuster808 2015-06-19 9:03 ` Burton, Ross 2015-06-14 5:37 ` [PATCH 3/3] neon: fix compat issues with gnutls 4.3 Armin Kuster
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox