| Age | Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes: [YOCTO #13471]
Signed-off-by: Ida Delphine <idadelm@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* it will try to link with librt from host and if you have it on host (libc6-dev-i386 in ubuntu)
it fails with:
/usr/lib32/librt.so: error: undefined reference to '__clock_settime', version 'GLIBC_PRIVATE'
/usr/lib32/librt.so: error: undefined reference to '__clock_getcpuclockid', version 'GLIBC_PRIVATE'
/usr/lib32/librt.so: error: undefined reference to '__clock_getres', version 'GLIBC_PRIVATE'
/usr/lib32/librt.so: error: undefined reference to '__clock_nanosleep', version 'GLIBC_PRIVATE'
collect2: error: ld returned 1 exit status
in older 3.6.14 it was using /usr/lib32/librt.so from host as well, but without do_compile
failing
configure:17539: checking for librt
configure:17563: i686-oe-linux-gcc -m32 -march=core2 -mtune=core2 -msse3 -mfpmath=sse -fstack-protector-strong -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Werror=return-type --sysroot=/tmpdir/work/qemux86-oe-linux/gnutls/3.6.14-r0/recipe-sysroot -o conftest -O2 -pipe -g -feliminate-unused-debug-types -fmacro-prefix-map=/tmpdir/work/qemux86-oe-linux/gnutls/3.6.14-r0=/usr/src/debug/gnutls/3.6.14-r0 -fdebug-prefix-map=/tmpdir/work/qemux86-oe-linux/gnutls/3.6.14-r0=/usr/src/debug/gnutls/3.6.14-r0 -fdebug-prefix-map=/tmpdir/work/qemux86-oe-linux/gnutls/3.6.14-r0/recipe-sysroot= -fdebug-prefix-map=/tmpdir/work/qemux86-oe-linux/gnutls/3.6.14-r0/recipe-sysroot-native= -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -Wl,-z,relro,-z,now conftest.c /usr/lib32/librt.so >&5
configure:17563: $? = 0
configure:17573: result: yes
configure:17580: checking how to link with librt
configure:17582: result: /usr/lib32/librt.so
with --with-librt-prefix passed, it finds the right one as shown in build/config.log:
configure:17551: checking for librt
configure:17575: i686-oe-linux-gcc -m32 -march=core2 -mtune=core2 -msse3 -mfpmath=sse -fstack-protector-strong -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Werror=return-type --sysroot=/tmpdir/work/qemux86-oe-linux/gnutls/3.6.15-r0/recipe-sysroot -o conftest -O2 -pipe -g -feliminate-unused-debug-types -fmacro-prefix-map=/tmpdir/work/qemux86-oe-linux/gnutls/3.6.15-r0=/usr/src/debug/gnutls/3.6.15-r0 -fdebug-prefix-map=/tmpdir/work/qemux86-oe-linux/gnutls/3.6.15-r0=/usr/src/debug/gnutls/3.6.15-r0 -fdebug-prefix-map=/tmpdir/work/qemux86-oe-linux/gnutls/3.6.15-r0/recipe-sysroot= -fdebug-prefix-map=/tmpdir/work/qemux86-oe-linux/gnutls/3.6.15-r0/recipe-sysroot-native= -I/tmpdir/work/qemux86-oe-linux/gnutls/3.6.15-r0/recipe-sysroot/usr/include -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -Wl,-z,relro,-z,now conftest.c /tmpdir/work/qemux86-oe-linux/gnutls/3.6.15-r0/recipe-sysroot/usr/lib/librt.so >&5
configure:17575: $? = 0
configure:17585: result: yes
configure:17592: checking how to link with librt
configure:17594: result: /tmpdir/work/qemux86-oe-linux/gnutls/3.6.15-r0/recipe-sysroot/usr/lib/librt.so
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport the CVE patch from the usptream:
https://gitlab.com/gnutls/gnutls.git
commit 29ee67c205855e848a0a26e6d0e4f65b6b943e0a
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This was discussed and accepted upstream by the project so their license is consistent.
Please reference to https://gitlab.com/gnutls/gnutls/-/issues/1018
and https://gitlab.com/gnutls/gnutls/-/merge_requests/1285.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Remove backported patches and explicitly pass -std=gnu99 to native CFLAGS
to make sure build passes on older and still supported OSes like CentOS 7.
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Drop patch from 81485be19b18 ("gnutls: don't use HOSTTOOLS_DIR/bash as a
shell on target") as upstream now honours POSIX_SHELL when set as the
primary target shell.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This is required before enabling p11-kit support by default in gnutls.
Signed-off-by: Philippe Normand <philn@igalia.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
* For changes in this version, see:
https://gitlab.com/gnutls/libtasn1/-/releases
* Remove the musl patch as it's no longer needed.
* Backport a patch to ensure LDFLAGS are not over-ridden.
License-Update: License clarification, no change in actual terms.
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The libopts configure script looks for a shell on the build host and assumes
it's good for the target. However in our builds it find $HOSTTOOLS_DIR/bash
which isn't useful, so patch out the detection and force $base_bindir/sh.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
-Upgrade from gnutls_3.6.7.bb to gnutls_3.6.8.bb.
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Philippe Normand <philn@igalia.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Since version 2.58 the glib-networking TLS database relies on GnuTLS's system
trust store, so not enabling it leads to TLS errors in applications depending on
glib-networking. The raised runtime warning is:
process:500): GLib-Net-WARNING **: 09:14:09.321: Failed to load TLS database: Failed to load system trust store: GnuTLS was not configured with a system trust
(app:490): ... TLS Error: TLS certificate has unknown CA.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is a new upstream release from the same stable branch
bringing new features and bugfixes (including CVE fixes).
COPYING changed http -> https.
configure no longer has a --without-libunistring-prefix option.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Bug fix only release
Full details:
https://lists.gnupg.org/pipermail/gnutls-help/2018-December/004465.html
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This recipe doesn't ship a *-config binary, so don't inherit binconfig.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This recipe doesn't ship a *-config binary, so don't inherit binconfig.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Notable change:
libgnutls: Added the final (RFC8446) version numbering of the TLS1.3 protocol.
see: https://lists.gnupg.org/pipermail/gnutls-help/2018-September/004457.html
Signed-off-by: Armin Kuster <akuster808@gmail.com>
--
[v2]
Fix typo in version in subject
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
By including PACKAGECONFIG options, the recipe takes responsibility
for defining the default state of these options. Although the recipe
currently aligns with the gnutls defaults (ie both disabled) tracking
new gnutls releases will be a maintenance effort. Unless there's a
clear reason to do otherwise, it seems safer to leave the choice of
which SSL/TLS versions to enable by default up to the gnutls
developers.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
>From gnutls 3.5.8 onwards, the code in configure.ac has been passing
"basename $i" to sed, rather than "echo $i". Since the full ${srcdir}
path is not being processed, there's no risk of unexpected matches.
https://gitlab.com/armcc/gnutls/commit/478179316bc815e1ad518ae318f46e94a13b0e1f
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
[v2]
Fix new config options form with to disable.
[v1]
release notes: https://lists.gnupg.org/pipermail/gnutls-devel/2018-July/008584.html
add ssl3 and tls1.3 config options now supported.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This causes regression on build machines where libunistring is installed
on host. It is also because gnuts is using non standard AC macro called
AC_LIB_HAVE_LINKFLAGS to detect this library and it confusing cross builds.
This reverts commit 60fef4940de7f0440f1216eb2ea0ea683b3e8fdd.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
gnutls only works with libidn2, so update the build dependency.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
No need to pass --without-libunistring-prefix, and it looks a lot like we're
trying to disable it.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
HTTP is in general more reliable so use that in the SRC_URI.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.
Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450). This is obviously bad.
We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Remove backported patch:
CVE-2017-10790.patch
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
zlib configure.ac support removed in 3.6.1
drop patch
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This is a bug fix release on the
current stable branch. Note that, I've also switched the release
cadence to bi-monthly as less and less bug fixes/updates accumulate
each month on this branch.
** API and ABI modifications:
No changes since last version.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes
a NULL pointer dereference and crash when reading crafted input that
triggers assignment of a NULL value within an asn1_node structure. It
may lead to a remote denial of service attack.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-10790
http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;
h=d8d805e1f2e6799bb2dff4871a8598dc83088a39
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Some of these are clearly dead, e.g. one binutils patch reverts the effects
of the earlier one.
This also removes the uclibc site files. We now have mechanisms to allow these
to be extended from another layer should someone ever wish to do that.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
uclibc support was removed a while ago and musl works much better. Start to
remove the various overrides and patches related to uclibc which are no longer
needed.
uclibc support in a layer would still be possible. I have strong reasons to
believe nobody is still using uclibc since patches are missing and I doubt
the metadata even parses anymore.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
1. Upgrade gnutls from 3.5.9 to 3.5.13
2. Rebase the following patch file.
use-pkg-config-to-locate-zlib.patch
Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Noteworthy changes:
1. Introduced the ASN1_TIME_ENCODING_ERROR error code to indicate an invalid
encoding in the DER time fields.
2. Introduced flag ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME. This flag allows
decoding errors in time fields even when in strict DER mode.
3. Added safety check in asn1_find_node(). That prevents a crash when a very
long variable name is provided by the developer.
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
There may be alternative gnutls recipes outside oe-core which include
gnutls.inc but which don't want BBCLASSEXTEND = "native nativesdk".
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Drop 0001-Do-not-add-cli-args.h-to-cli-args.stamp-Makefile-tar.patch, it's merged upstream.
Rebase 0001-configure.ac-fix-sed-command.patch.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Removed the following Backported patches:
1. 0001-configure-don-t-add-Werror-to-build-flags.patch
2. 0002-ASN.y-corrected-compiler-warning.patch
3. 0003-parser_aux-corrected-potential-null-pointer-derefere.patch
4. 0004-tools-eliminated-compiler-warnings.patch
fixed the following build error with musl
...
| from ../../libtasn1-4.10/gl/getopt.c:28:
| ./stdint.h:89:5: error: #if with no expression
| #if
| ^
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This fixes a potential pollution by the build host and build error
when yacc isn't installed on the build host:
| ../../libtasn1-4.9/build-aux/ylwrap: line 175: yacc: command not found
| Makefile:1116: recipe for target 'ASN1.c' failed
| make[3]: *** [ASN1.c] Error 127
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Specify whether to use libseccomp or not. Do not
just let configure check for it.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Do not reference unavailable system calls when
building for ARM_EABI.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
Wang Mingyu
Meh Mbeh Ida Delphine
Alexander Kanavin
Martin Jansa
Zhixiong Chi
zhengruoqin
Adrian Bunk
Anuj Mittal
Alex Kiernan
Ross Burton
Philippe Normand
Zang Ruochen
Armin Kuster
Andre McCurdy
Khem Raj
Armin Kuster
Maxin B. John
Yue Tao
Richard Purdie
Fan Xin
Alexander Kanavin
Patrick Ohly
Joe Slater