| Age | Commit message (Collapse) | Author |
|---|
|
Previously the OCSP certificate check wouldn't verify the serial
length and could succeed in cases it shouldn't (CVE-2016-7444).
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Current release has relocations in .text on x86. Silence the
warning for now: Upcoming release should have a real fix.
[YOCTO #10290]
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
|
|
gtk-doc also requires --enable-doc, so that is no longer configurable.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
|
|
Add patch to fix compile without libtasn headers.
(From OE-Core rev: b43e4499fb3bae4740660a729a900d951eab00e8)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
These patches are backported from master to fix issues raised by clang
compiler.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
4.8 -> 4.9
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Remove no longer supported --disable-crywrap option.
Add a checksum for the LICENSE file with licensing overview.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
* Version 3.4.10 (released 2016-03-03)
** libgnutls: Eliminated issues preventing buffers more than 2^32 bytes
to be used with hashing functions.
** libgnutls: Corrected leaks and other issues in gnutls_x509_crt_list_import().
** libgnutls: Fixes in DSA key handling for PKCS #11. Report and patches
by Jan Vcelak.
** libgnutls: Several fixes to prevent relying on undefined behavior of C
(found with libubsan).
* Version 3.4.11 (released 2016-04-11)
** libgnutls: Fixes in gnutls_record_get/set_state() with DTLS. Reported
by Fridolin Pokorny.
** libgnutls: Fixes in DSA key generation under PKCS #11. Report and patches
by Jan Vcelak.
** libgnutls: Corrected behavior of ALPN extension parsing during session
resumption. Report and patches by Yuriy M. Kaminskiy.
** libgnutls: Corrected regression (since 3.4.0) in gnutls_server_name_set()
which caused it not to accept non-null-terminated hostnames. Reported
by Tim Ruehsen.
** libgnutls: Corrected printing of the IP Adress name constraints.
** ocsptool: use HTTP/1.0 for requests. This avoids issue with servers
serving chunk encoding which ocsptool doesn't support. Reported by Thomas
Klute.
** certtool: do not require a CA for OCSP signing tag. This follows the
recommendations in RFC6960 in 4.2.2.2 which allow a CA to delegate OCSP
signing to another certificate without requiring it to be a CA. Reported
by Thomas Klute.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
4.7 -> 4.8
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This version fixes bugs in the current stable branch.
* Version 3.4.9 (released 2016-02-03)
** libgnutls: Corrected ALPN protocol negotiation. Before GnuTLS would
negotiate the last commonly supported protocol, rather than the
first. Reported by Remi Denis-Courmont (#63).
** libgnutls: Tolerate empty DN fields in informational output
functions.
** libgnutls: Corrected regression causes by incorrect fix in
gnutls_x509_ext_export_key_usage() at 3.4.8 release.
** API and ABI modifications:
No changes since last version.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
libidn (Internationalized Domain Name support library) may not be
desired in all cases, so add a PACKAGECONFIG option to control it.
Allow --enable-doc, libtasn1 internal -vs- external (still internal
by default) and p11-kit support to be controlled via PACKAGECONFIG
too.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
GnuTLS depends on gmp. The dependency is usually satisfied indirectly
via nettle, but for correctness make it explicit in the gnutls recipe.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Reordering, plus combine two LDFLAGS_append_libc-uclibc lines into one.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
uclibc has its own implementation for libargp
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
libidn is needed by the new version to compare hostnames.
Openssl compatibility is no longer enabled by default, but is
required by other packages in oe-core.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
4.5 -> 4.7
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Remains enabled by default, no functional change.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
AC_LIB_HAVE_LINKFLAGS can sometimes find host libs and is therefore not
robust when cross-compiling. Remove it for zlib and use PKG_CHECK_MODULES
instead.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The default search path in sysroot is sufficient to find zlib, so the
--with-libz-prefix configure option seems to be unnecessary.
For target builds, relying on sysroot also prevents an absolute path
from being hardcoded in the gnutls.pc pkg-config file.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
* Remove configure.ac-patch as unnecessary
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
update to 3.3.12 to fix some bugs.
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7967
Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The "sed 's/.bak//g'" matchs "bitbake", which would cause strange errors
when the S contains "bitbake", fix to "sed 's/\.bak$//'`"
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
It works well now, and bump the PR to avoid:
configure: error: source directory already configured; run "make distclean" there first
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
this also includes a fix for CVE-2014-8564.
see http://www.gnutls.org/security.html for CVE-2014-3566 "POODLE" statement.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Disable tpm to solve following error:
.../usr/lib64/libtspi.la: No such file or directory
trousers isn't an oe-core recipe, disable it for now.
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
GNU Wget cannot be upgrated to a newer that 1.12 version on supported
Centos distro. GNU Wget 1.12 and earlier uses a server-provided filename
instead of the original URL to determine the destination filename of a
download.
This means the files downloaded when fetching cannot be properly used:
$ wget http://www.balabit.com/downloads/files/syslog-ng/open-source-edition/3.4.2/source/eventlog_0.2.13.tar.gz
$ ls
eventlog_0.2.13.tar.gz?AWSAccessKeyId=AKIAICTJ5MANGPMOH7JA&Expires=1400838672&Signature=TjakOBpOvHtEKKDgF14iVinWpY0=
This in turn lead to build errors like:
WARNING: Failed to fetch URL http://www.balabit.com/downloads/files/syslog-ng/open-source-edition/3.4.2/source/eventlog_0.2.13.tar.gz, attempting MIRRORS if available
ERROR: Fetcher failure for URL: 'http://www.balabit.com/downloads/files/syslog-ng/open-source-edition/3.4.2/source/eventlog_0.2.13.tar.gz'. The fetch command returned success for url http://www.balabit.com/downloads/files/syslog-ng/open-source-edition/3.4.2/source/eventlog_0.2.13.tar.gz but /path/to/downloads/eventlog_0.2.13.tar.gz doesn't exist?!
ERROR: Function failed: Fetcher failure for URL: 'http://www.balabit.com/downloads/files/syslog-ng/open-source-edition/3.4.2/source/eventlog_0.2.13.tar.gz'. Unable to fetch URL from any source.
ERROR: Logfile of failure stored in: /path/to/tmp/work/ppce500v2-enea-linux-gnuspe/eventlog/0.2.13-r0/temp/log.do_fetch.28302
ERROR: Task 4 (/path/to/poky/meta-openembedded/meta-oe/recipes-support/eventlog/eventlog_0.2.13.bb, do_fetch) failed with exit code '1'
[YOCTO #6549]
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Avoids WARNING: QA Issue: gnutls-bin rdepends on libidn but its not a build dependency? [build-deps]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Bump version to 4.0
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Bump version to 3.3.5
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Valentin Popa <valentin.popa@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Valentin Popa <valentin.popa@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Removes not needed or already merged patches.
Removes unused configure flags.
Tells gnutls to use the included libopts.
Removes libextra (not needed since 3.0.5).
Signed-off-by: Valentin Popa <valentin.popa@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The class itself currently does nothing. The idea is to mark all recipes that
make use of the texinfo utilities. In the future, this class could be used to
suppress the generation/formatting of documentation for performance,
explicitly track dependencies on these utilities, and eliminate Yocto's
current dependency on the host system's texinfo utilities.
Signed-off-by: Max Eliaser <max.eliaser@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Otherwise we end up with missing symbols from libpthread
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add a Debian patch to fix a load of errors building the documentation
within do_compile e.g.:
| ./x509-api.texi:15: misplaced {
| ./x509-api.texi:15: misplaced }
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
certificates.
This patch is for the OE-Core master branch - it comes from upstream:
>From 467478d8ff08a3cb4be3034ff04c9d08a0ceba3e
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Wed, 12 Feb 2014 16:41:33 +0100
For more info see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1959
http://www.gnutls.org/security.html#GNUTLS-SA-2014-1
https://www.gitorious.org/gnutls/gnutls/commit/467478d8ff08a3cb4be3034ff04c9d08a0ceba3e
Signed-off-by: Karl Hiramoto <karl@hiramoto.org>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This patch is for the OE-Core master branch - it comes from upstream:
git://gitorious.org/gnutls/gnutls.git
branch: gnutls_2_12_x
commit: 6aa26f78150ccbdf0aec1878a41c17c41d358a3b
Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Thu Feb 27 19:42:26 2014 +0100
For more info see:
http://www.gnutls.org/security.html#GNUTLS-SA-2014-2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0092
https://www.gitorious.org/gnutls/gnutls/commit/6aa26f78150ccbdf0aec1878a41c17c41d358a3b
Signed-off-by: Karl Hiramoto <karl@hiramoto.org>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This patch goes through the OE-Core recipes and marks those which use autotools
but don't support a separate build directory (${S} != ${B}). A new class,
autotools-brokensep is used for this purpose.
This doesn't introduce any change in behaviour in its own right.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Irina Patru <irina.patru@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
A lot of our recipes had short one-line DESCRIPTION values and no
SUMMARY value set. In this case it's much better to just set SUMMARY
since DESCRIPTION is defaulted from SUMMARY anyway and then the SUMMARY
is at least useful. I also took the opportunity to fix up a lot of the
new SUMMARY values, making them concisely explain the function of the
recipe / package where possible.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
|
The following patches are found, but not used by any recipe, so we should
remove them.
meta/recipes-connectivity/avahi/files/fix_for_automake_1.11.2.patch
meta/recipes-connectivity/dhcp/dhcp/fix-client-path.patch
meta/recipes-connectivity/libnss-mdns/files/alignment-fix.patch
meta/recipes-core/dbus/dbus-1.6.10/test-run-path.patch
meta/recipes-core/gettext/gettext-0.16.1/fixchicken.patch
meta/recipes-core/gettext/gettext-0.16.1/getline.m4.patch
meta/recipes-core/systemd/systemd/use-rootlibdir.patch
meta/recipes-core/util-linux/util-linux/remove-lscpu.patch
meta/recipes-core/util-linux/util-linux/remove_sigsetmark.patch
meta/recipes-core/util-linux/util-linux/uclibc-compile.patch
meta/recipes-devtools/autoconf/autoconf/autoconf-x.patch
meta/recipes-devtools/btrfs-tools/btrfs-tools/btrfs-progs-fix-parallel-build.patch
meta/recipes-devtools/btrfs-tools/btrfs-tools/btrfs-progs-fix-parallel-build2.patch
meta/recipes-devtools/cdrtools/cdrtools-native/no_usr_src.patch
meta/recipes-devtools/elfutils/elfutils-0.155/elfutils-robustify.patch
meta/recipes-devtools/gdb/gdb/libiberty-cross.patch
meta/recipes-devtools/perl/perl-5.14.3/asm-pageh-fix.patch
meta/recipes-devtools/python/python-native/sys_platform_is_now_always_linux2.patch
meta/recipes-devtools/python/python-pygobject/generate-constants.patch
meta/recipes-devtools/qemu/files/3f08ffb4a4741d147634761dc053ed386243a0de.patch
meta/recipes-devtools/qemu/files/enable-i386-linux-user.patch
meta/recipes-devtools/qemu/files/init-info.patch
meta/recipes-devtools/rpm/rpm/rpm_fix_for_automake-1.12.patch
meta/recipes-devtools/tcf-agent/tcf-agent/fix_tcf-agent.init.patch
meta/recipes-extended/iputils/files/arping-break-libsysfs-dependency.patch
meta/recipes-extended/libarchive/libarchive/0003-Patch-from-upstream-rev-2516.patch
meta/recipes-extended/procps/procps-3.2.8/pagesz-not-constant.patch
meta/recipes-gnome/gtk+/gtk+-2.24.22/no-demos.patch
meta/recipes-gnome/libglade/libglade-2.6.4/no-deprecation.patch
meta/recipes-graphics/mesa/mesa/0005-llvmpipe-remove-the-power-of-two-sizeof-struct-cmd_b.patch
meta/recipes-graphics/xorg-lib/libxxf86dga/libxxf86dga-1.1.3_fix_for_x32.patch
meta/recipes-kernel/kmod/kmod/fix-undefined-O_CLOEXEC.patch
meta/recipes-kernel/linux-libc-headers/linux-libc-headers/connector-msg-size-fix.patch
meta/recipes-kernel/linux/linux-yocto/tools-perf-no-scripting.patch
meta/recipes-support/gnutls/gnutls/gnutls-texinfo-euro.patch
meta/recipes-support/nspr/nspr/fix-build-on-aarch64.patch
[YOCTO #5180]
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Ionut Radu <ionutx.radu@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Importantly, this fixes CVE-2013-1619.
Upstream doesn't use GNU as a host, so update the SRC_URI.
remove-gets.patch isn't required anymore, obsolete_automake_macros.patch is
merged upstream, and gnutls_fix_for_automake_1.12.1.patch doesn't seem to be
needed. It was merged and reverted upstream, and my build without it succeeded.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add obsolete_automake_macros.patch that replaces automake macros
no longer supported by automake-1.13 with modern constructs.
Signed-off-by: Marko Lindqvist <cazfi74@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Remove manpage creation. It wasn't working because of help2man
missing when libtasn1 is being built. This attempt to create
manpages without help2man turns from no-op to hard error with
automake-1.13.
Signed-off-by: Marko Lindqvist <cazfi74@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
Jussi Kukkonen
Alexander Kanavin
Khem Raj
Maxin B. John
Andre McCurdy
Bian Naimeng
Robert Yang
Armin Kuster
Chong Lu
Tudor Florea
Richard Purdie
Maxin B. John
Valentin Popa
Max Eliaser
Paul Eggleton
Karl Hiramoto
Irina Patru
Ionut Radu
Ross Burton
Marko Lindqvist