* [PATCH 0/3] Gnutls update 4.2 V2
@ 2015-06-14 5:37 Armin Kuster
2015-06-14 5:37 ` [PATCH 1/3] nettle: update package to 3.1.1 version Armin Kuster
` (2 more replies)
0 siblings, 3 replies; 11+ messages in thread
From: Armin Kuster @ 2015-06-14 5:37 UTC (permalink / raw)
To: openembedded-core
The nettle and gnutls updates must be done as a pair.
Include neon build fixes for the above update
The following changes since commit 1675ff6fff53dda89fa8d4f3a2c292c23fd346d7:
bitbake: tests/data: Add new data tests (2015-06-12 00:02:28 +0100)
are available in the git repository at:
git://git.yoctoproject.org/poky-contrib akuster/gnutls-update
http://git.yoctoproject.org/cgit.cgi//log/?h=akuster/gnutls-update
Armin Kuster (3):
nettle: update package to 3.1.1 version.
gnutls: update to 3.4.1
neon: fix compat issues with gnutls 4.3
meta/recipes-support/gnutls/gnutls.inc | 3 +-
.../gnutls/configure.ac-fix-sed-command.patch | 29 +++++----
meta/recipes-support/gnutls/gnutls_3.3.14.bb | 8 ---
meta/recipes-support/gnutls/gnutls_3.4.1.bb | 8 +++
.../neon/neon/gnutls_4.3_fixup.patch | 68 ++++++++++++++++++++++
meta/recipes-support/neon/neon_0.30.1.bb | 3 +-
.../nettle/{nettle_2.7.1.bb => nettle_3.1.1.bb} | 12 ++--
7 files changed, 99 insertions(+), 32 deletions(-)
delete mode 100644 meta/recipes-support/gnutls/gnutls_3.3.14.bb
create mode 100644 meta/recipes-support/gnutls/gnutls_3.4.1.bb
create mode 100644 meta/recipes-support/neon/neon/gnutls_4.3_fixup.patch
rename meta/recipes-support/nettle/{nettle_2.7.1.bb => nettle_3.1.1.bb} (48%)
--
2.3.5
^ permalink raw reply [flat|nested] 11+ messages in thread
* [PATCH 1/3] nettle: update package to 3.1.1 version.
2015-06-14 5:37 [PATCH 0/3] Gnutls update 4.2 V2 Armin Kuster
@ 2015-06-14 5:37 ` Armin Kuster
2015-06-14 5:37 ` [PATCH 2/3] gnutls: update to 3.4.1 Armin Kuster
2015-06-14 5:37 ` [PATCH 3/3] neon: fix compat issues with gnutls 4.3 Armin Kuster
2 siblings, 0 replies; 11+ messages in thread
From: Armin Kuster @ 2015-06-14 5:37 UTC (permalink / raw)
To: openembedded-core
this requires the gnutls 3.4.1 update or the current gnutils build will break.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../nettle/{nettle_2.7.1.bb => nettle_3.1.1.bb} | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
rename meta/recipes-support/nettle/{nettle_2.7.1.bb => nettle_3.1.1.bb} (48%)
diff --git a/meta/recipes-support/nettle/nettle_2.7.1.bb b/meta/recipes-support/nettle/nettle_3.1.1.bb
similarity index 48%
rename from meta/recipes-support/nettle/nettle_2.7.1.bb
rename to meta/recipes-support/nettle/nettle_3.1.1.bb
index f53afcc..ce5e756 100644
--- a/meta/recipes-support/nettle/nettle_2.7.1.bb
+++ b/meta/recipes-support/nettle/nettle_3.1.1.bb
@@ -1,17 +1,17 @@
SUMMARY = "A low level cryptographic library"
HOMEPAGE = "http://www.lysator.liu.se/~nisse/nettle/"
SECTION = "libs"
-LICENSE = "LGPLv2.1 & GPLv2"
-LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1 \
- file://serpent-decrypt.c;beginline=53;endline=67;md5=bcfd4745d53ca57f82907089898e390d \
- file://serpent-set-key.c;beginline=56;endline=70;md5=bcfd4745d53ca57f82907089898e390d"
+LICENSE = "GPLv2+ & GPLv3 & LGPLv3+"
+LIC_FILES_CHKSUM = "file://COPYINGv2;beginline=1;endline=2;md5=c70d8d3310941dcdfcd1e02800a1f548 \
+ file://COPYINGv3;beginline=1;endline=2;md5=d1c727712ceba52db52e0ee449cadf43 \
+ file://COPYING.LESSERv3;beginline=1;endline=2;md5=ff44a06d461487fb65f84ad672a1d1c8"
DEPENDS += "gmp"
SRC_URI = "http://www.lysator.liu.se/~nisse/archive/${BP}.tar.gz"
-SRC_URI[md5sum] = "003d5147911317931dd453520eb234a5"
-SRC_URI[sha256sum] = "bc71ebd43435537d767799e414fce88e521b7278d48c860651216e1fc6555b40"
+SRC_URI[md5sum] = "b40fa88dc32f37a182b6b42092ebb144"
+SRC_URI[sha256sum] = "5fd4d25d64d8ddcb85d0d897572af73b05b4d163c6cc49438a5bfbb8ff293d4c"
EXTRA_OECONF = "--disable-openssl"
--
2.3.5
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH 2/3] gnutls: update to 3.4.1
2015-06-14 5:37 [PATCH 0/3] Gnutls update 4.2 V2 Armin Kuster
2015-06-14 5:37 ` [PATCH 1/3] nettle: update package to 3.1.1 version Armin Kuster
@ 2015-06-14 5:37 ` Armin Kuster
2015-06-15 10:13 ` Burton, Ross
2015-06-14 5:37 ` [PATCH 3/3] neon: fix compat issues with gnutls 4.3 Armin Kuster
2 siblings, 1 reply; 11+ messages in thread
From: Armin Kuster @ 2015-06-14 5:37 UTC (permalink / raw)
To: openembedded-core
This version supports the nettle 3.x and higher and requires that version.
this include a security fix:
GNUTLS-SA-2015-2
no CVE assigned to date.
enable openssl compat via PACKAGECONFIG as iputils needs gnutls/openssl.h
for migration info:
http://www.gnutls.org/manual/gnutls.html#Upgrading-from-previous-versions
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta/recipes-support/gnutls/gnutls.inc | 3 ++-
.../gnutls/configure.ac-fix-sed-command.patch | 29 ++++++++++------------
meta/recipes-support/gnutls/gnutls_3.3.14.bb | 8 ------
meta/recipes-support/gnutls/gnutls_3.4.1.bb | 8 ++++++
4 files changed, 23 insertions(+), 25 deletions(-)
delete mode 100644 meta/recipes-support/gnutls/gnutls_3.3.14.bb
create mode 100644 meta/recipes-support/gnutls/gnutls_3.4.1.bb
diff --git a/meta/recipes-support/gnutls/gnutls.inc b/meta/recipes-support/gnutls/gnutls.inc
index e9b138a..6928cb9 100644
--- a/meta/recipes-support/gnutls/gnutls.inc
+++ b/meta/recipes-support/gnutls/gnutls.inc
@@ -34,9 +34,10 @@ do_configure_prepend() {
done
}
-PACKAGECONFIG ??= "zlib"
+PACKAGECONFIG ??= "zlib openssl_compat"
PACKAGECONFIG[tpm] = "--with-tpm, --without-tpm, trousers"
PACKAGECONFIG[zlib] = "--with-zlib, --without-zlib, zlib"
+PACKAGECONFIG[openssl_compat] = "--enable-openssl-compatibility,,"
PACKAGES =+ "${PN}-openssl ${PN}-xx"
diff --git a/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch b/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch
index 44a9934..342143f 100644
--- a/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch
+++ b/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch
@@ -13,19 +13,16 @@ Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/configure.ac b/configure.ac
-index c6818a0..1c4582d 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -466,7 +466,7 @@ if test "$NEED_LIBOPTS_DIR" = "true";then
- dnl replace libopts-generated files with distributed backups, if present
- missing_baks=
- for i in ${srcdir}/src/*-args.c.bak ${srcdir}/src/*-args.h.bak; do
-- nam=`echo $i|sed 's/.bak//g'`
-+ nam=`echo $i|sed 's/\.bak$//'`
- if test -f $i;then
- cp -f $i $nam
- else
---
-2.0.1
-
+Index: gnutls-3.4.1/configure.ac
+===================================================================
+--- gnutls-3.4.1.orig/configure.ac
++++ gnutls-3.4.1/configure.ac
+@@ -530,7 +530,7 @@ if test "$enable_tools" != "no" || test
+ dnl replace libopts-generated files with distributed backups, if present
+ missing_baks=
+ for i in ${srcdir}/src/*-args.c.bak ${srcdir}/src/*-args.h.bak; do
+- nam=`echo $i|sed 's/.bak//g'`
++ nam=`echo $i|sed 's/\.bak$//'`
+ if test -f $i;then
+ cp -f $i $nam
+ else
diff --git a/meta/recipes-support/gnutls/gnutls_3.3.14.bb b/meta/recipes-support/gnutls/gnutls_3.3.14.bb
deleted file mode 100644
index f41d183..0000000
--- a/meta/recipes-support/gnutls/gnutls_3.3.14.bb
+++ /dev/null
@@ -1,8 +0,0 @@
-require gnutls.inc
-
-SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \
- file://configure.ac-fix-sed-command.patch \
- file://use-pkg-config-to-locate-zlib.patch \
- "
-SRC_URI[md5sum] = "7f4465f8c564cf9cb8f5cb38b909f7ca"
-SRC_URI[sha256sum] = "0dfa0030faad8909c1e904105198232d6bc0123cae8cf4933b2bac85ee7cec52"
diff --git a/meta/recipes-support/gnutls/gnutls_3.4.1.bb b/meta/recipes-support/gnutls/gnutls_3.4.1.bb
new file mode 100644
index 0000000..1b64813
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls_3.4.1.bb
@@ -0,0 +1,8 @@
+require gnutls.inc
+
+SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \
+ file://configure.ac-fix-sed-command.patch \
+ file://use-pkg-config-to-locate-zlib.patch \
+ "
+SRC_URI[md5sum] = "2d04f34fa25b45f9dcb9104c0394e12e"
+SRC_URI[sha256sum] = "e9b5f58becf34756464216056cd5abbf04315eda80a374d02699dee83f80b12e"
--
2.3.5
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH 3/3] neon: fix compat issues with gnutls 4.3
2015-06-14 5:37 [PATCH 0/3] Gnutls update 4.2 V2 Armin Kuster
2015-06-14 5:37 ` [PATCH 1/3] nettle: update package to 3.1.1 version Armin Kuster
2015-06-14 5:37 ` [PATCH 2/3] gnutls: update to 3.4.1 Armin Kuster
@ 2015-06-14 5:37 ` Armin Kuster
2 siblings, 0 replies; 11+ messages in thread
From: Armin Kuster @ 2015-06-14 5:37 UTC (permalink / raw)
To: openembedded-core
V2: fix missing 4.3 work around
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../neon/neon/gnutls_4.3_fixup.patch | 68 ++++++++++++++++++++++
meta/recipes-support/neon/neon_0.30.1.bb | 3 +-
2 files changed, 70 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-support/neon/neon/gnutls_4.3_fixup.patch
diff --git a/meta/recipes-support/neon/neon/gnutls_4.3_fixup.patch b/meta/recipes-support/neon/neon/gnutls_4.3_fixup.patch
new file mode 100644
index 0000000..a76560a
--- /dev/null
+++ b/meta/recipes-support/neon/neon/gnutls_4.3_fixup.patch
@@ -0,0 +1,68 @@
+replace deprecated GnuTLS functions with newer ones if available
+
+Upstream Status: Pending
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: neon-0.30.1/macros/neon.m4
+===================================================================
+--- neon-0.30.1.orig/macros/neon.m4
++++ neon-0.30.1/macros/neon.m4
+@@ -987,6 +987,10 @@ gnutls)
+ gnutls_certificate_get_x509_cas \
+ gnutls_x509_crt_sign2])
+
++ # gnutls 4.3 check
++ AC_CHECK_LIB(gnutls, gnutls_global_init)
++ AC_CHECK_FUNCS(gnutls_certificate_set_retrieve_function,,)
++
+ # fail if gnutls_x509_crt_sign2 is not found (it was introduced in 1.2.0, which is required)
+ if test x${ac_cv_func_gnutls_x509_crt_sign2} != xyes; then
+ AC_MSG_ERROR([GnuTLS version predates gnutls_x509_crt_sign2, newer version required (at least 1.2.0)])
+Index: neon-0.30.1/src/ne_gnutls.c
+===================================================================
+--- neon-0.30.1.orig/src/ne_gnutls.c
++++ neon-0.30.1/src/ne_gnutls.c
+@@ -553,7 +553,13 @@ dup_error:
+ static int provide_client_cert(gnutls_session_t session,
+ const gnutls_datum_t *req_ca_rdn, int nreqs,
+ const gnutls_pk_algorithm_t *sign_algos,
+- int sign_algos_length, gnutls_retr_st *st)
++ int sign_algos_length,
++#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION
++ gnutls_retr2_st* st
++#else
++ gnutls_retr_st *st
++#endif
++ )
+ {
+ ne_session *sess = gnutls_session_get_ptr(session);
+
+@@ -617,8 +623,11 @@ static int provide_client_cert(gnutls_se
+ #endif
+ ) {
+ NE_DEBUG(NE_DBG_SSL, "Supplying client certificate.\n");
+-
++#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION
++ st->cert_type = type;
++#else
+ st->type = type;
++#endif
+ st->ncerts = 1;
+ st->cert.x509 = &sess->client_cert->cert.subject;
+ st->key.x509 = sess->client_cert->pkey;
+@@ -649,8 +658,14 @@ ne_ssl_context *ne_ssl_context_create(in
+ ne_ssl_context *ctx = ne_calloc(sizeof *ctx);
+ gnutls_certificate_allocate_credentials(&ctx->cred);
+ if (flags == NE_SSL_CTX_CLIENT) {
++
++#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION
++ gnutls_certificate_set_retrieve_function(ctx->cred,
++ provide_client_cert);
++#else
+ gnutls_certificate_client_set_retrieve_function(ctx->cred,
+ provide_client_cert);
++#endif
+ }
+ gnutls_certificate_set_verify_flags(ctx->cred,
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
diff --git a/meta/recipes-support/neon/neon_0.30.1.bb b/meta/recipes-support/neon/neon_0.30.1.bb
index fd170bc..0244314 100644
--- a/meta/recipes-support/neon/neon_0.30.1.bb
+++ b/meta/recipes-support/neon/neon_0.30.1.bb
@@ -10,7 +10,8 @@ DEPENDS_class-native = "zlib-native libxml2-native expat-native gnutls-native"
BBCLASSEXTEND = "native"
SRC_URI = "http://www.webdav.org/${BPN}/${BPN}-${PV}.tar.gz \
- file://pkgconfig.patch"
+ file://pkgconfig.patch \
+ file://gnutls_4.3_fixup.patch"
SRC_URI[md5sum] = "231adebe5c2f78fded3e3df6e958878e"
SRC_URI[sha256sum] = "00c626c0dc18d094ab374dbd9a354915bfe4776433289386ed489c2ec0845cdd"
--
2.3.5
^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [PATCH 2/3] gnutls: update to 3.4.1
2015-06-14 5:37 ` [PATCH 2/3] gnutls: update to 3.4.1 Armin Kuster
@ 2015-06-15 10:13 ` Burton, Ross
2015-06-15 23:18 ` akuster808
2015-06-18 15:57 ` akuster808
0 siblings, 2 replies; 11+ messages in thread
From: Burton, Ross @ 2015-06-15 10:13 UTC (permalink / raw)
To: Armin Kuster; +Cc: OE-core
[-- Attachment #1: Type: text/plain, Size: 5409 bytes --]
So this happens:
WARNING: QA Issue: gnutls-openssl rdepends on libidn, but it isn't a build
dependency? [build-deps]
WARNING: QA Issue: gnutls-xx rdepends on libidn, but it isn't a build
dependency? [build-deps]
WARNING: QA Issue: gnutls-dev rdepends on libidn, but it isn't a build
dependency? [build-deps]
WARNING: QA Issue: gnutls-bin rdepends on libidn, but it isn't a build
dependency? [build-deps]
WARNING: QA Issue: gnutls rdepends on libidn, but it isn't a build
dependency? [build-deps]
Ross
On 14 June 2015 at 06:37, Armin Kuster <akuster808@gmail.com> wrote:
> This version supports the nettle 3.x and higher and requires that version.
>
> this include a security fix:
> GNUTLS-SA-2015-2
> no CVE assigned to date.
>
> enable openssl compat via PACKAGECONFIG as iputils needs gnutls/openssl.h
>
> for migration info:
> http://www.gnutls.org/manual/gnutls.html#Upgrading-from-previous-versions
>
> Signed-off-by: Armin Kuster <akuster808@gmail.com>
> ---
> meta/recipes-support/gnutls/gnutls.inc | 3 ++-
> .../gnutls/configure.ac-fix-sed-command.patch | 29
> ++++++++++------------
> meta/recipes-support/gnutls/gnutls_3.3.14.bb | 8 ------
> meta/recipes-support/gnutls/gnutls_3.4.1.bb | 8 ++++++
> 4 files changed, 23 insertions(+), 25 deletions(-)
> delete mode 100644 meta/recipes-support/gnutls/gnutls_3.3.14.bb
> create mode 100644 meta/recipes-support/gnutls/gnutls_3.4.1.bb
>
> diff --git a/meta/recipes-support/gnutls/gnutls.inc
> b/meta/recipes-support/gnutls/gnutls.inc
> index e9b138a..6928cb9 100644
> --- a/meta/recipes-support/gnutls/gnutls.inc
> +++ b/meta/recipes-support/gnutls/gnutls.inc
> @@ -34,9 +34,10 @@ do_configure_prepend() {
> done
> }
>
> -PACKAGECONFIG ??= "zlib"
> +PACKAGECONFIG ??= "zlib openssl_compat"
> PACKAGECONFIG[tpm] = "--with-tpm, --without-tpm, trousers"
> PACKAGECONFIG[zlib] = "--with-zlib, --without-zlib, zlib"
> +PACKAGECONFIG[openssl_compat] = "--enable-openssl-compatibility,,"
>
> PACKAGES =+ "${PN}-openssl ${PN}-xx"
>
> diff --git
> a/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch
> b/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch
> index 44a9934..342143f 100644
> --- a/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch
> +++ b/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch
> @@ -13,19 +13,16 @@ Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
> configure.ac | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> -diff --git a/configure.ac b/configure.ac
> -index c6818a0..1c4582d 100644
> ---- a/configure.ac
> -+++ b/configure.ac
> -@@ -466,7 +466,7 @@ if test "$NEED_LIBOPTS_DIR" = "true";then
> - dnl replace libopts-generated files with distributed backups, if
> present
> - missing_baks=
> - for i in ${srcdir}/src/*-args.c.bak ${srcdir}/src/*-args.h.bak; do
> -- nam=`echo $i|sed 's/.bak//g'`
> -+ nam=`echo $i|sed 's/\.bak$//'`
> - if test -f $i;then
> - cp -f $i $nam
> - else
> ---
> -2.0.1
> -
> +Index: gnutls-3.4.1/configure.ac
> +===================================================================
> +--- gnutls-3.4.1.orig/configure.ac
> ++++ gnutls-3.4.1/configure.ac
> +@@ -530,7 +530,7 @@ if test "$enable_tools" != "no" || test
> + dnl replace libopts-generated files with distributed
> backups, if present
> + missing_baks=
> + for i in ${srcdir}/src/*-args.c.bak
> ${srcdir}/src/*-args.h.bak; do
> +- nam=`echo $i|sed 's/.bak//g'`
> ++ nam=`echo $i|sed 's/\.bak$//'`
> + if test -f $i;then
> + cp -f $i $nam
> + else
> diff --git a/meta/recipes-support/gnutls/gnutls_3.3.14.bb
> b/meta/recipes-support/gnutls/gnutls_3.3.14.bb
> deleted file mode 100644
> index f41d183..0000000
> --- a/meta/recipes-support/gnutls/gnutls_3.3.14.bb
> +++ /dev/null
> @@ -1,8 +0,0 @@
> -require gnutls.inc
> -
> -SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \
> - file://configure.ac-fix-sed-command.patch \
> - file://use-pkg-config-to-locate-zlib.patch \
> - "
> -SRC_URI[md5sum] = "7f4465f8c564cf9cb8f5cb38b909f7ca"
> -SRC_URI[sha256sum] =
> "0dfa0030faad8909c1e904105198232d6bc0123cae8cf4933b2bac85ee7cec52"
> diff --git a/meta/recipes-support/gnutls/gnutls_3.4.1.bb
> b/meta/recipes-support/gnutls/gnutls_3.4.1.bb
> new file mode 100644
> index 0000000..1b64813
> --- /dev/null
> +++ b/meta/recipes-support/gnutls/gnutls_3.4.1.bb
> @@ -0,0 +1,8 @@
> +require gnutls.inc
> +
> +SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \
> + file://configure.ac-fix-sed-command.patch \
> + file://use-pkg-config-to-locate-zlib.patch \
> + "
> +SRC_URI[md5sum] = "2d04f34fa25b45f9dcb9104c0394e12e"
> +SRC_URI[sha256sum] =
> "e9b5f58becf34756464216056cd5abbf04315eda80a374d02699dee83f80b12e"
> --
> 2.3.5
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>
[-- Attachment #2: Type: text/html, Size: 8100 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 2/3] gnutls: update to 3.4.1
2015-06-15 10:13 ` Burton, Ross
@ 2015-06-15 23:18 ` akuster808
2015-06-18 15:57 ` akuster808
1 sibling, 0 replies; 11+ messages in thread
From: akuster808 @ 2015-06-15 23:18 UTC (permalink / raw)
To: Burton, Ross; +Cc: OE-core
On 06/15/2015 03:13 AM, Burton, Ross wrote:
> So this happens:
>
> WARNING: QA Issue: gnutls-openssl rdepends on libidn, but it isn't a
> build dependency? [build-deps]
> WARNING: QA Issue: gnutls-xx rdepends on libidn, but it isn't a build
> dependency? [build-deps]
> WARNING: QA Issue: gnutls-dev rdepends on libidn, but it isn't a build
> dependency? [build-deps]
> WARNING: QA Issue: gnutls-bin rdepends on libidn, but it isn't a build
> dependency? [build-deps]
> WARNING: QA Issue: gnutls rdepends on libidn, but it isn't a build
> dependency? [build-deps]
Well that is a bummer. I have not seen those otherwise I would have not
submitted the request.
Thanks for the feedback.
- armin
>
> Ross
>
> On 14 June 2015 at 06:37, Armin Kuster <akuster808@gmail.com
> <mailto:akuster808@gmail.com>> wrote:
>
> This version supports the nettle 3.x and higher and requires that
> version.
>
> this include a security fix:
> GNUTLS-SA-2015-2
> no CVE assigned to date.
>
> enable openssl compat via PACKAGECONFIG as iputils needs
> gnutls/openssl.h
>
> for migration info:
> http://www.gnutls.org/manual/gnutls.html#Upgrading-from-previous-versions
>
> Signed-off-by: Armin Kuster <akuster808@gmail.com
> <mailto:akuster808@gmail.com>>
> ---
> meta/recipes-support/gnutls/gnutls.inc | 3 ++-
> .../gnutls/configure.ac-fix-sed-command.patch | 29
> ++++++++++------------
> meta/recipes-support/gnutls/gnutls_3.3.14.bb
> <http://gnutls_3.3.14.bb> | 8 ------
> meta/recipes-support/gnutls/gnutls_3.4.1.bb
> <http://gnutls_3.4.1.bb> | 8 ++++++
> 4 files changed, 23 insertions(+), 25 deletions(-)
> delete mode 100644 meta/recipes-support/gnutls/gnutls_3.3.14.bb
> <http://gnutls_3.3.14.bb>
> create mode 100644 meta/recipes-support/gnutls/gnutls_3.4.1.bb
> <http://gnutls_3.4.1.bb>
>
> diff --git a/meta/recipes-support/gnutls/gnutls.inc
> b/meta/recipes-support/gnutls/gnutls.inc
> index e9b138a..6928cb9 100644
> --- a/meta/recipes-support/gnutls/gnutls.inc
> +++ b/meta/recipes-support/gnutls/gnutls.inc
> @@ -34,9 +34,10 @@ do_configure_prepend() {
> done
> }
>
> -PACKAGECONFIG ??= "zlib"
> +PACKAGECONFIG ??= "zlib openssl_compat"
> PACKAGECONFIG[tpm] = "--with-tpm, --without-tpm, trousers"
> PACKAGECONFIG[zlib] = "--with-zlib, --without-zlib, zlib"
> +PACKAGECONFIG[openssl_compat] = "--enable-openssl-compatibility,,"
>
> PACKAGES =+ "${PN}-openssl ${PN}-xx"
>
> diff --git
> a/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch
> b/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch
> index 44a9934..342143f 100644
> ---
> a/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch
> +++
> b/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch
> @@ -13,19 +13,16 @@ Signed-off-by: Robert Yang
> <liezhi.yang@windriver.com <mailto:liezhi.yang@windriver.com>>
> configure.ac <http://configure.ac> | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> -diff --git a/configure.ac <http://configure.ac> b/configure.ac
> <http://configure.ac>
> -index c6818a0..1c4582d 100644
> ---- a/configure.ac <http://configure.ac>
> -+++ b/configure.ac <http://configure.ac>
> -@@ -466,7 +466,7 @@ if test "$NEED_LIBOPTS_DIR" = "true";then
> - dnl replace libopts-generated files with distributed
> backups, if present
> - missing_baks=
> - for i in ${srcdir}/src/*-args.c.bak
> ${srcdir}/src/*-args.h.bak; do
> -- nam=`echo $i|sed 's/.bak//g'`
> -+ nam=`echo $i|sed 's/\.bak$//'`
> - if test -f $i;then
> - cp -f $i $nam
> - else
> ---
> -2.0.1
> -
> +Index: gnutls-3.4.1/configure.ac <http://configure.ac>
> +===================================================================
> +--- gnutls-3.4.1.orig/configure.ac <http://configure.ac>
> ++++ gnutls-3.4.1/configure.ac <http://configure.ac>
> +@@ -530,7 +530,7 @@ if test "$enable_tools" != "no" || test
> + dnl replace libopts-generated files with distributed
> backups, if present
> + missing_baks=
> + for i in ${srcdir}/src/*-args.c.bak
> ${srcdir}/src/*-args.h.bak; do
> +- nam=`echo $i|sed 's/.bak//g'`
> ++ nam=`echo $i|sed 's/\.bak$//'`
> + if test -f $i;then
> + cp -f $i $nam
> + else
> diff --git a/meta/recipes-support/gnutls/gnutls_3.3.14.bb
> <http://gnutls_3.3.14.bb>
> b/meta/recipes-support/gnutls/gnutls_3.3.14.bb <http://gnutls_3.3.14.bb>
> deleted file mode 100644
> index f41d183..0000000
> --- a/meta/recipes-support/gnutls/gnutls_3.3.14.bb
> <http://gnutls_3.3.14.bb>
> +++ /dev/null
> @@ -1,8 +0,0 @@
> -require gnutls.inc
> -
> -SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \
> - file://configure.ac-fix-sed-command.patch \
> - file://use-pkg-config-to-locate-zlib.patch \
> - "
> -SRC_URI[md5sum] = "7f4465f8c564cf9cb8f5cb38b909f7ca"
> -SRC_URI[sha256sum] =
> "0dfa0030faad8909c1e904105198232d6bc0123cae8cf4933b2bac85ee7cec52"
> diff --git a/meta/recipes-support/gnutls/gnutls_3.4.1.bb
> <http://gnutls_3.4.1.bb>
> b/meta/recipes-support/gnutls/gnutls_3.4.1.bb <http://gnutls_3.4.1.bb>
> new file mode 100644
> index 0000000..1b64813
> --- /dev/null
> +++ b/meta/recipes-support/gnutls/gnutls_3.4.1.bb
> <http://gnutls_3.4.1.bb>
> @@ -0,0 +1,8 @@
> +require gnutls.inc
> +
> +SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \
> + file://configure.ac-fix-sed-command.patch \
> + file://use-pkg-config-to-locate-zlib.patch \
> + "
> +SRC_URI[md5sum] = "2d04f34fa25b45f9dcb9104c0394e12e"
> +SRC_URI[sha256sum] =
> "e9b5f58becf34756464216056cd5abbf04315eda80a374d02699dee83f80b12e"
> --
> 2.3.5
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> <mailto:Openembedded-core@lists.openembedded.org>
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>
>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 2/3] gnutls: update to 3.4.1
2015-06-15 10:13 ` Burton, Ross
2015-06-15 23:18 ` akuster808
@ 2015-06-18 15:57 ` akuster808
2015-06-19 9:03 ` Burton, Ross
1 sibling, 1 reply; 11+ messages in thread
From: akuster808 @ 2015-06-18 15:57 UTC (permalink / raw)
To: Burton, Ross; +Cc: OE-core
Ross,
I could not reproduce these warnings but found a configure option to
build without libidn so I added that in my last submit.
Thanks again,
kind regards,
Armin
On 06/15/2015 03:13 AM, Burton, Ross wrote:
> So this happens:
>
> WARNING: QA Issue: gnutls-openssl rdepends on libidn, but it isn't a
> build dependency? [build-deps]
> WARNING: QA Issue: gnutls-xx rdepends on libidn, but it isn't a build
> dependency? [build-deps]
> WARNING: QA Issue: gnutls-dev rdepends on libidn, but it isn't a build
> dependency? [build-deps]
> WARNING: QA Issue: gnutls-bin rdepends on libidn, but it isn't a build
> dependency? [build-deps]
> WARNING: QA Issue: gnutls rdepends on libidn, but it isn't a build
> dependency? [build-deps]
>
> Ross
>
> On 14 June 2015 at 06:37, Armin Kuster <akuster808@gmail.com
> <mailto:akuster808@gmail.com>> wrote:
>
> This version supports the nettle 3.x and higher and requires that
> version.
>
> this include a security fix:
> GNUTLS-SA-2015-2
> no CVE assigned to date.
>
> enable openssl compat via PACKAGECONFIG as iputils needs
> gnutls/openssl.h
>
> for migration info:
> http://www.gnutls.org/manual/gnutls.html#Upgrading-from-previous-versions
>
> Signed-off-by: Armin Kuster <akuster808@gmail.com
> <mailto:akuster808@gmail.com>>
> ---
> meta/recipes-support/gnutls/gnutls.inc | 3 ++-
> .../gnutls/configure.ac-fix-sed-command.patch | 29
> ++++++++++------------
> meta/recipes-support/gnutls/gnutls_3.3.14.bb
> <http://gnutls_3.3.14.bb> | 8 ------
> meta/recipes-support/gnutls/gnutls_3.4.1.bb
> <http://gnutls_3.4.1.bb> | 8 ++++++
> 4 files changed, 23 insertions(+), 25 deletions(-)
> delete mode 100644 meta/recipes-support/gnutls/gnutls_3.3.14.bb
> <http://gnutls_3.3.14.bb>
> create mode 100644 meta/recipes-support/gnutls/gnutls_3.4.1.bb
> <http://gnutls_3.4.1.bb>
>
> diff --git a/meta/recipes-support/gnutls/gnutls.inc
> b/meta/recipes-support/gnutls/gnutls.inc
> index e9b138a..6928cb9 100644
> --- a/meta/recipes-support/gnutls/gnutls.inc
> +++ b/meta/recipes-support/gnutls/gnutls.inc
> @@ -34,9 +34,10 @@ do_configure_prepend() {
> done
> }
>
> -PACKAGECONFIG ??= "zlib"
> +PACKAGECONFIG ??= "zlib openssl_compat"
> PACKAGECONFIG[tpm] = "--with-tpm, --without-tpm, trousers"
> PACKAGECONFIG[zlib] = "--with-zlib, --without-zlib, zlib"
> +PACKAGECONFIG[openssl_compat] = "--enable-openssl-compatibility,,"
>
> PACKAGES =+ "${PN}-openssl ${PN}-xx"
>
> diff --git
> a/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch
> b/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch
> index 44a9934..342143f 100644
> ---
> a/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch
> +++
> b/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch
> @@ -13,19 +13,16 @@ Signed-off-by: Robert Yang
> <liezhi.yang@windriver.com <mailto:liezhi.yang@windriver.com>>
> configure.ac <http://configure.ac> | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> -diff --git a/configure.ac <http://configure.ac> b/configure.ac
> <http://configure.ac>
> -index c6818a0..1c4582d 100644
> ---- a/configure.ac <http://configure.ac>
> -+++ b/configure.ac <http://configure.ac>
> -@@ -466,7 +466,7 @@ if test "$NEED_LIBOPTS_DIR" = "true";then
> - dnl replace libopts-generated files with distributed
> backups, if present
> - missing_baks=
> - for i in ${srcdir}/src/*-args.c.bak
> ${srcdir}/src/*-args.h.bak; do
> -- nam=`echo $i|sed 's/.bak//g'`
> -+ nam=`echo $i|sed 's/\.bak$//'`
> - if test -f $i;then
> - cp -f $i $nam
> - else
> ---
> -2.0.1
> -
> +Index: gnutls-3.4.1/configure.ac <http://configure.ac>
> +===================================================================
> +--- gnutls-3.4.1.orig/configure.ac <http://configure.ac>
> ++++ gnutls-3.4.1/configure.ac <http://configure.ac>
> +@@ -530,7 +530,7 @@ if test "$enable_tools" != "no" || test
> + dnl replace libopts-generated files with distributed
> backups, if present
> + missing_baks=
> + for i in ${srcdir}/src/*-args.c.bak
> ${srcdir}/src/*-args.h.bak; do
> +- nam=`echo $i|sed 's/.bak//g'`
> ++ nam=`echo $i|sed 's/\.bak$//'`
> + if test -f $i;then
> + cp -f $i $nam
> + else
> diff --git a/meta/recipes-support/gnutls/gnutls_3.3.14.bb
> <http://gnutls_3.3.14.bb>
> b/meta/recipes-support/gnutls/gnutls_3.3.14.bb <http://gnutls_3.3.14.bb>
> deleted file mode 100644
> index f41d183..0000000
> --- a/meta/recipes-support/gnutls/gnutls_3.3.14.bb
> <http://gnutls_3.3.14.bb>
> +++ /dev/null
> @@ -1,8 +0,0 @@
> -require gnutls.inc
> -
> -SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \
> - file://configure.ac-fix-sed-command.patch \
> - file://use-pkg-config-to-locate-zlib.patch \
> - "
> -SRC_URI[md5sum] = "7f4465f8c564cf9cb8f5cb38b909f7ca"
> -SRC_URI[sha256sum] =
> "0dfa0030faad8909c1e904105198232d6bc0123cae8cf4933b2bac85ee7cec52"
> diff --git a/meta/recipes-support/gnutls/gnutls_3.4.1.bb
> <http://gnutls_3.4.1.bb>
> b/meta/recipes-support/gnutls/gnutls_3.4.1.bb <http://gnutls_3.4.1.bb>
> new file mode 100644
> index 0000000..1b64813
> --- /dev/null
> +++ b/meta/recipes-support/gnutls/gnutls_3.4.1.bb
> <http://gnutls_3.4.1.bb>
> @@ -0,0 +1,8 @@
> +require gnutls.inc
> +
> +SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \
> + file://configure.ac-fix-sed-command.patch \
> + file://use-pkg-config-to-locate-zlib.patch \
> + "
> +SRC_URI[md5sum] = "2d04f34fa25b45f9dcb9104c0394e12e"
> +SRC_URI[sha256sum] =
> "e9b5f58becf34756464216056cd5abbf04315eda80a374d02699dee83f80b12e"
> --
> 2.3.5
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> <mailto:Openembedded-core@lists.openembedded.org>
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>
>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 2/3] gnutls: update to 3.4.1
2015-06-18 15:57 ` akuster808
@ 2015-06-19 9:03 ` Burton, Ross
0 siblings, 0 replies; 11+ messages in thread
From: Burton, Ross @ 2015-06-19 9:03 UTC (permalink / raw)
To: akuster808; +Cc: OE-core
[-- Attachment #1: Type: text/plain, Size: 308 bytes --]
On 18 June 2015 at 16:57, akuster808 <akuster808@gmail.com> wrote:
> I could not reproduce these warnings but found a configure option to
> build without libidn so I added that in my last submit.
>
It would be a simple:
$ bitbake libidn
$ bitbake gnutls -ccleansstate
$ bitbake gnutls
Ross
[-- Attachment #2: Type: text/html, Size: 811 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
* [PATCH 3/3] neon: fix compat issues with gnutls 4.3
2015-06-23 1:37 ` [PATCH 0/3] Update gnutls 3.4.1 Armin Kuster
@ 2015-06-23 1:37 ` Armin Kuster
0 siblings, 0 replies; 11+ messages in thread
From: Armin Kuster @ 2015-06-23 1:37 UTC (permalink / raw)
To: openembedded-core
V2: fix missing 4.3 work around
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../neon/neon/gnutls_4.3_fixup.patch | 68 ++++++++++++++++++++++
meta/recipes-support/neon/neon_0.30.1.bb | 3 +-
2 files changed, 70 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-support/neon/neon/gnutls_4.3_fixup.patch
diff --git a/meta/recipes-support/neon/neon/gnutls_4.3_fixup.patch b/meta/recipes-support/neon/neon/gnutls_4.3_fixup.patch
new file mode 100644
index 0000000..a76560a
--- /dev/null
+++ b/meta/recipes-support/neon/neon/gnutls_4.3_fixup.patch
@@ -0,0 +1,68 @@
+replace deprecated GnuTLS functions with newer ones if available
+
+Upstream Status: Pending
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: neon-0.30.1/macros/neon.m4
+===================================================================
+--- neon-0.30.1.orig/macros/neon.m4
++++ neon-0.30.1/macros/neon.m4
+@@ -987,6 +987,10 @@ gnutls)
+ gnutls_certificate_get_x509_cas \
+ gnutls_x509_crt_sign2])
+
++ # gnutls 4.3 check
++ AC_CHECK_LIB(gnutls, gnutls_global_init)
++ AC_CHECK_FUNCS(gnutls_certificate_set_retrieve_function,,)
++
+ # fail if gnutls_x509_crt_sign2 is not found (it was introduced in 1.2.0, which is required)
+ if test x${ac_cv_func_gnutls_x509_crt_sign2} != xyes; then
+ AC_MSG_ERROR([GnuTLS version predates gnutls_x509_crt_sign2, newer version required (at least 1.2.0)])
+Index: neon-0.30.1/src/ne_gnutls.c
+===================================================================
+--- neon-0.30.1.orig/src/ne_gnutls.c
++++ neon-0.30.1/src/ne_gnutls.c
+@@ -553,7 +553,13 @@ dup_error:
+ static int provide_client_cert(gnutls_session_t session,
+ const gnutls_datum_t *req_ca_rdn, int nreqs,
+ const gnutls_pk_algorithm_t *sign_algos,
+- int sign_algos_length, gnutls_retr_st *st)
++ int sign_algos_length,
++#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION
++ gnutls_retr2_st* st
++#else
++ gnutls_retr_st *st
++#endif
++ )
+ {
+ ne_session *sess = gnutls_session_get_ptr(session);
+
+@@ -617,8 +623,11 @@ static int provide_client_cert(gnutls_se
+ #endif
+ ) {
+ NE_DEBUG(NE_DBG_SSL, "Supplying client certificate.\n");
+-
++#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION
++ st->cert_type = type;
++#else
+ st->type = type;
++#endif
+ st->ncerts = 1;
+ st->cert.x509 = &sess->client_cert->cert.subject;
+ st->key.x509 = sess->client_cert->pkey;
+@@ -649,8 +658,14 @@ ne_ssl_context *ne_ssl_context_create(in
+ ne_ssl_context *ctx = ne_calloc(sizeof *ctx);
+ gnutls_certificate_allocate_credentials(&ctx->cred);
+ if (flags == NE_SSL_CTX_CLIENT) {
++
++#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION
++ gnutls_certificate_set_retrieve_function(ctx->cred,
++ provide_client_cert);
++#else
+ gnutls_certificate_client_set_retrieve_function(ctx->cred,
+ provide_client_cert);
++#endif
+ }
+ gnutls_certificate_set_verify_flags(ctx->cred,
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
diff --git a/meta/recipes-support/neon/neon_0.30.1.bb b/meta/recipes-support/neon/neon_0.30.1.bb
index fd170bc..0244314 100644
--- a/meta/recipes-support/neon/neon_0.30.1.bb
+++ b/meta/recipes-support/neon/neon_0.30.1.bb
@@ -10,7 +10,8 @@ DEPENDS_class-native = "zlib-native libxml2-native expat-native gnutls-native"
BBCLASSEXTEND = "native"
SRC_URI = "http://www.webdav.org/${BPN}/${BPN}-${PV}.tar.gz \
- file://pkgconfig.patch"
+ file://pkgconfig.patch \
+ file://gnutls_4.3_fixup.patch"
SRC_URI[md5sum] = "231adebe5c2f78fded3e3df6e958878e"
SRC_URI[sha256sum] = "00c626c0dc18d094ab374dbd9a354915bfe4776433289386ed489c2ec0845cdd"
--
1.9.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH 3/3] neon: fix compat issues with gnutls 4.3
2015-06-18 4:50 [PATCH 0/3] [v3] Gntls update to 4.3.1 Armin Kuster
@ 2015-06-18 4:50 ` Armin Kuster
0 siblings, 0 replies; 11+ messages in thread
From: Armin Kuster @ 2015-06-18 4:50 UTC (permalink / raw)
To: openembedded-core
V2: fix missing 4.3 work around
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../neon/neon/gnutls_4.3_fixup.patch | 68 ++++++++++++++++++++++
meta/recipes-support/neon/neon_0.30.1.bb | 3 +-
2 files changed, 70 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-support/neon/neon/gnutls_4.3_fixup.patch
diff --git a/meta/recipes-support/neon/neon/gnutls_4.3_fixup.patch b/meta/recipes-support/neon/neon/gnutls_4.3_fixup.patch
new file mode 100644
index 0000000..a76560a
--- /dev/null
+++ b/meta/recipes-support/neon/neon/gnutls_4.3_fixup.patch
@@ -0,0 +1,68 @@
+replace deprecated GnuTLS functions with newer ones if available
+
+Upstream Status: Pending
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: neon-0.30.1/macros/neon.m4
+===================================================================
+--- neon-0.30.1.orig/macros/neon.m4
++++ neon-0.30.1/macros/neon.m4
+@@ -987,6 +987,10 @@ gnutls)
+ gnutls_certificate_get_x509_cas \
+ gnutls_x509_crt_sign2])
+
++ # gnutls 4.3 check
++ AC_CHECK_LIB(gnutls, gnutls_global_init)
++ AC_CHECK_FUNCS(gnutls_certificate_set_retrieve_function,,)
++
+ # fail if gnutls_x509_crt_sign2 is not found (it was introduced in 1.2.0, which is required)
+ if test x${ac_cv_func_gnutls_x509_crt_sign2} != xyes; then
+ AC_MSG_ERROR([GnuTLS version predates gnutls_x509_crt_sign2, newer version required (at least 1.2.0)])
+Index: neon-0.30.1/src/ne_gnutls.c
+===================================================================
+--- neon-0.30.1.orig/src/ne_gnutls.c
++++ neon-0.30.1/src/ne_gnutls.c
+@@ -553,7 +553,13 @@ dup_error:
+ static int provide_client_cert(gnutls_session_t session,
+ const gnutls_datum_t *req_ca_rdn, int nreqs,
+ const gnutls_pk_algorithm_t *sign_algos,
+- int sign_algos_length, gnutls_retr_st *st)
++ int sign_algos_length,
++#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION
++ gnutls_retr2_st* st
++#else
++ gnutls_retr_st *st
++#endif
++ )
+ {
+ ne_session *sess = gnutls_session_get_ptr(session);
+
+@@ -617,8 +623,11 @@ static int provide_client_cert(gnutls_se
+ #endif
+ ) {
+ NE_DEBUG(NE_DBG_SSL, "Supplying client certificate.\n");
+-
++#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION
++ st->cert_type = type;
++#else
+ st->type = type;
++#endif
+ st->ncerts = 1;
+ st->cert.x509 = &sess->client_cert->cert.subject;
+ st->key.x509 = sess->client_cert->pkey;
+@@ -649,8 +658,14 @@ ne_ssl_context *ne_ssl_context_create(in
+ ne_ssl_context *ctx = ne_calloc(sizeof *ctx);
+ gnutls_certificate_allocate_credentials(&ctx->cred);
+ if (flags == NE_SSL_CTX_CLIENT) {
++
++#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION
++ gnutls_certificate_set_retrieve_function(ctx->cred,
++ provide_client_cert);
++#else
+ gnutls_certificate_client_set_retrieve_function(ctx->cred,
+ provide_client_cert);
++#endif
+ }
+ gnutls_certificate_set_verify_flags(ctx->cred,
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
diff --git a/meta/recipes-support/neon/neon_0.30.1.bb b/meta/recipes-support/neon/neon_0.30.1.bb
index fd170bc..0244314 100644
--- a/meta/recipes-support/neon/neon_0.30.1.bb
+++ b/meta/recipes-support/neon/neon_0.30.1.bb
@@ -10,7 +10,8 @@ DEPENDS_class-native = "zlib-native libxml2-native expat-native gnutls-native"
BBCLASSEXTEND = "native"
SRC_URI = "http://www.webdav.org/${BPN}/${BPN}-${PV}.tar.gz \
- file://pkgconfig.patch"
+ file://pkgconfig.patch \
+ file://gnutls_4.3_fixup.patch"
SRC_URI[md5sum] = "231adebe5c2f78fded3e3df6e958878e"
SRC_URI[sha256sum] = "00c626c0dc18d094ab374dbd9a354915bfe4776433289386ed489c2ec0845cdd"
--
1.9.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH 3/3] neon: fix compat issues with gnutls 4.3
2015-06-09 19:30 [PATCH 0/3] gnutls update to 3.4.1 Armin Kuster
@ 2015-06-09 19:30 ` Armin Kuster
0 siblings, 0 replies; 11+ messages in thread
From: Armin Kuster @ 2015-06-09 19:30 UTC (permalink / raw)
To: openembedded-core
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../neon/neon/gnutls_4.3_fixup.patch | 53 ++++++++++++++++++++++
meta/recipes-support/neon/neon_0.30.1.bb | 3 +-
2 files changed, 55 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-support/neon/neon/gnutls_4.3_fixup.patch
diff --git a/meta/recipes-support/neon/neon/gnutls_4.3_fixup.patch b/meta/recipes-support/neon/neon/gnutls_4.3_fixup.patch
new file mode 100644
index 0000000..0020330
--- /dev/null
+++ b/meta/recipes-support/neon/neon/gnutls_4.3_fixup.patch
@@ -0,0 +1,53 @@
+replace deprecated GnuTLS functions with newer ones if available
+
+Upstream Status: Pending
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: neon-0.30.1/macros/neon.m4
+===================================================================
+--- neon-0.30.1.orig/macros/neon.m4
++++ neon-0.30.1/macros/neon.m4
+@@ -987,6 +987,10 @@ gnutls)
+ gnutls_certificate_get_x509_cas \
+ gnutls_x509_crt_sign2])
+
++ # gnutls 4.3 check
++ AC_CHECK_LIB(gnutls, gnutls_global_init)
++ AC_CHECK_FUNCS(gnutls_certificate_set_retrieve_function,,)
++
+ # fail if gnutls_x509_crt_sign2 is not found (it was introduced in 1.2.0, which is required)
+ if test x${ac_cv_func_gnutls_x509_crt_sign2} != xyes; then
+ AC_MSG_ERROR([GnuTLS version predates gnutls_x509_crt_sign2, newer version required (at least 1.2.0)])
+Index: neon-0.30.1/src/ne_gnutls.c
+===================================================================
+--- neon-0.30.1.orig/src/ne_gnutls.c
++++ neon-0.30.1/src/ne_gnutls.c
+@@ -553,7 +553,13 @@ dup_error:
+ static int provide_client_cert(gnutls_session_t session,
+ const gnutls_datum_t *req_ca_rdn, int nreqs,
+ const gnutls_pk_algorithm_t *sign_algos,
+- int sign_algos_length, gnutls_retr_st *st)
++ int sign_algos_length,
++#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION
++ gnutls_retr2_st* st
++#else
++ gnutls_retr_st *st
++#endif
++ )
+ {
+ ne_session *sess = gnutls_session_get_ptr(session);
+
+@@ -617,8 +623,11 @@ static int provide_client_cert(gnutls_se
+ #endif
+ ) {
+ NE_DEBUG(NE_DBG_SSL, "Supplying client certificate.\n");
+-
++#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION
++ st->cert_type = type;
++#else
+ st->type = type;
++#endif
+ st->ncerts = 1;
+ st->cert.x509 = &sess->client_cert->cert.subject;
+ st->key.x509 = sess->client_cert->pkey;
diff --git a/meta/recipes-support/neon/neon_0.30.1.bb b/meta/recipes-support/neon/neon_0.30.1.bb
index 9245244..bac5bac 100644
--- a/meta/recipes-support/neon/neon_0.30.1.bb
+++ b/meta/recipes-support/neon/neon_0.30.1.bb
@@ -10,7 +10,8 @@ DEPENDS_class-native = "zlib-native libxml2-native expat-native gnutls-native"
BBCLASSEXTEND = "native"
SRC_URI = "http://www.webdav.org/${BPN}/${BPN}-${PV}.tar.gz \
- file://pkgconfig.patch"
+ file://pkgconfig.patch \
+ file://gnutls_4.3_fixup.patch"
SRC_URI[md5sum] = "231adebe5c2f78fded3e3df6e958878e"
SRC_URI[sha256sum] = "00c626c0dc18d094ab374dbd9a354915bfe4776433289386ed489c2ec0845cdd"
--
2.3.5
^ permalink raw reply related [flat|nested] 11+ messages in thread
end of thread, other threads:[~2015-06-23 1:38 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-06-14 5:37 [PATCH 0/3] Gnutls update 4.2 V2 Armin Kuster
2015-06-14 5:37 ` [PATCH 1/3] nettle: update package to 3.1.1 version Armin Kuster
2015-06-14 5:37 ` [PATCH 2/3] gnutls: update to 3.4.1 Armin Kuster
2015-06-15 10:13 ` Burton, Ross
2015-06-15 23:18 ` akuster808
2015-06-18 15:57 ` akuster808
2015-06-19 9:03 ` Burton, Ross
2015-06-14 5:37 ` [PATCH 3/3] neon: fix compat issues with gnutls 4.3 Armin Kuster
-- strict thread matches above, loose matches on Subject: below --
2015-06-23 1:37 [PATCH 1/3] nettle: update package to 3.1.1 version Armin Kuster
2015-06-23 1:37 ` [PATCH 0/3] Update gnutls 3.4.1 Armin Kuster
2015-06-23 1:37 ` [PATCH 3/3] neon: fix compat issues with gnutls 4.3 Armin Kuster
2015-06-18 4:50 [PATCH 0/3] [v3] Gntls update to 4.3.1 Armin Kuster
2015-06-18 4:50 ` [PATCH 3/3] neon: fix compat issues with gnutls 4.3 Armin Kuster
2015-06-09 19:30 [PATCH 0/3] gnutls update to 3.4.1 Armin Kuster
2015-06-09 19:30 ` [PATCH 3/3] neon: fix compat issues with gnutls 4.3 Armin Kuster
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.