* [PATCH 0/3] Gntls update to 4.3.1
@ 2015-06-04 19:37 Armin Kuster
2015-06-04 19:37 ` [PATCH 1/3] nettle: update package to 3.1.1 version Armin Kuster
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Armin Kuster @ 2015-06-04 19:37 UTC (permalink / raw)
To: openembedded-core
THe nettle and gnutls updates must be done as a pair.
The following changes since commit 6dc53d3694d555147b272d18678fcf908ddced32:
bitbake: fixup 6 (2015-06-03 17:37:08 +0100)
are available in the git repository at:
git://git.yoctoproject.org/poky-contrib akuster/gnutls-update
http://git.yoctoproject.org/cgit.cgi//log/?h=akuster/gntls-update
Armin Kuster (3):
nettle: update package to 3.1.1 version.
gnutls: update to 3.4.1
neon: build fix
meta/recipes-support/gnutls/gnutls.inc | 3 +-
.../gnutls/configure.ac-fix-sed-command.patch | 29 ++++++------
meta/recipes-support/gnutls/gnutls_3.3.14.bb | 8 ----
meta/recipes-support/gnutls/gnutls_3.4.1.bb | 8 ++++
.../neon/neon/gnutls_4.3_fixup.patch | 53 ++++++++++++++++++++++
meta/recipes-support/neon/neon_0.30.1.bb | 3 +-
.../nettle/{nettle_2.7.1.bb => nettle_3.1.1.bb} | 12 ++---
7 files changed, 84 insertions(+), 32 deletions(-)
delete mode 100644 meta/recipes-support/gnutls/gnutls_3.3.14.bb
create mode 100644 meta/recipes-support/gnutls/gnutls_3.4.1.bb
create mode 100644 meta/recipes-support/neon/neon/gnutls_4.3_fixup.patch
rename meta/recipes-support/nettle/{nettle_2.7.1.bb => nettle_3.1.1.bb} (48%)
--
1.9.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 1/3] nettle: update package to 3.1.1 version.
2015-06-04 19:37 [PATCH 0/3] Gntls update to 4.3.1 Armin Kuster
@ 2015-06-04 19:37 ` Armin Kuster
2015-06-04 19:37 ` [PATCH 2/3] gnutls: update to 3.4.1 Armin Kuster
2015-06-04 19:37 ` [PATCH 3/3] neon: build fix Armin Kuster
2 siblings, 0 replies; 6+ messages in thread
From: Armin Kuster @ 2015-06-04 19:37 UTC (permalink / raw)
To: openembedded-core
this requires the gnutls 3.4.1 update or the current gnutils build will break.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../nettle/{nettle_2.7.1.bb => nettle_3.1.1.bb} | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
rename meta/recipes-support/nettle/{nettle_2.7.1.bb => nettle_3.1.1.bb} (48%)
diff --git a/meta/recipes-support/nettle/nettle_2.7.1.bb b/meta/recipes-support/nettle/nettle_3.1.1.bb
similarity index 48%
rename from meta/recipes-support/nettle/nettle_2.7.1.bb
rename to meta/recipes-support/nettle/nettle_3.1.1.bb
index f53afcc..ce5e756 100644
--- a/meta/recipes-support/nettle/nettle_2.7.1.bb
+++ b/meta/recipes-support/nettle/nettle_3.1.1.bb
@@ -1,17 +1,17 @@
SUMMARY = "A low level cryptographic library"
HOMEPAGE = "http://www.lysator.liu.se/~nisse/nettle/"
SECTION = "libs"
-LICENSE = "LGPLv2.1 & GPLv2"
-LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1 \
- file://serpent-decrypt.c;beginline=53;endline=67;md5=bcfd4745d53ca57f82907089898e390d \
- file://serpent-set-key.c;beginline=56;endline=70;md5=bcfd4745d53ca57f82907089898e390d"
+LICENSE = "GPLv2+ & GPLv3 & LGPLv3+"
+LIC_FILES_CHKSUM = "file://COPYINGv2;beginline=1;endline=2;md5=c70d8d3310941dcdfcd1e02800a1f548 \
+ file://COPYINGv3;beginline=1;endline=2;md5=d1c727712ceba52db52e0ee449cadf43 \
+ file://COPYING.LESSERv3;beginline=1;endline=2;md5=ff44a06d461487fb65f84ad672a1d1c8"
DEPENDS += "gmp"
SRC_URI = "http://www.lysator.liu.se/~nisse/archive/${BP}.tar.gz"
-SRC_URI[md5sum] = "003d5147911317931dd453520eb234a5"
-SRC_URI[sha256sum] = "bc71ebd43435537d767799e414fce88e521b7278d48c860651216e1fc6555b40"
+SRC_URI[md5sum] = "b40fa88dc32f37a182b6b42092ebb144"
+SRC_URI[sha256sum] = "5fd4d25d64d8ddcb85d0d897572af73b05b4d163c6cc49438a5bfbb8ff293d4c"
EXTRA_OECONF = "--disable-openssl"
--
1.9.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 2/3] gnutls: update to 3.4.1
2015-06-04 19:37 [PATCH 0/3] Gntls update to 4.3.1 Armin Kuster
2015-06-04 19:37 ` [PATCH 1/3] nettle: update package to 3.1.1 version Armin Kuster
@ 2015-06-04 19:37 ` Armin Kuster
2015-06-04 19:37 ` [PATCH 3/3] neon: build fix Armin Kuster
2 siblings, 0 replies; 6+ messages in thread
From: Armin Kuster @ 2015-06-04 19:37 UTC (permalink / raw)
To: openembedded-core
This version supports the nettle 3.x and higher and requires that version.
this include a security fix:
GNUTLS-SA-2015-2
no CVE assigned to date.
enable openssl compat via PACKAGECONFIG as iputils needs gnutls/openssl.h
for migration info:
http://www.gnutls.org/manual/gnutls.html#Upgrading-from-previous-versions
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta/recipes-support/gnutls/gnutls.inc | 3 ++-
.../gnutls/configure.ac-fix-sed-command.patch | 29 ++++++++++------------
meta/recipes-support/gnutls/gnutls_3.3.14.bb | 8 ------
meta/recipes-support/gnutls/gnutls_3.4.1.bb | 8 ++++++
4 files changed, 23 insertions(+), 25 deletions(-)
delete mode 100644 meta/recipes-support/gnutls/gnutls_3.3.14.bb
create mode 100644 meta/recipes-support/gnutls/gnutls_3.4.1.bb
diff --git a/meta/recipes-support/gnutls/gnutls.inc b/meta/recipes-support/gnutls/gnutls.inc
index e9b138a..6928cb9 100644
--- a/meta/recipes-support/gnutls/gnutls.inc
+++ b/meta/recipes-support/gnutls/gnutls.inc
@@ -34,9 +34,10 @@ do_configure_prepend() {
done
}
-PACKAGECONFIG ??= "zlib"
+PACKAGECONFIG ??= "zlib openssl_compat"
PACKAGECONFIG[tpm] = "--with-tpm, --without-tpm, trousers"
PACKAGECONFIG[zlib] = "--with-zlib, --without-zlib, zlib"
+PACKAGECONFIG[openssl_compat] = "--enable-openssl-compatibility,,"
PACKAGES =+ "${PN}-openssl ${PN}-xx"
diff --git a/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch b/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch
index 44a9934..342143f 100644
--- a/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch
+++ b/meta/recipes-support/gnutls/gnutls/configure.ac-fix-sed-command.patch
@@ -13,19 +13,16 @@ Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/configure.ac b/configure.ac
-index c6818a0..1c4582d 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -466,7 +466,7 @@ if test "$NEED_LIBOPTS_DIR" = "true";then
- dnl replace libopts-generated files with distributed backups, if present
- missing_baks=
- for i in ${srcdir}/src/*-args.c.bak ${srcdir}/src/*-args.h.bak; do
-- nam=`echo $i|sed 's/.bak//g'`
-+ nam=`echo $i|sed 's/\.bak$//'`
- if test -f $i;then
- cp -f $i $nam
- else
---
-2.0.1
-
+Index: gnutls-3.4.1/configure.ac
+===================================================================
+--- gnutls-3.4.1.orig/configure.ac
++++ gnutls-3.4.1/configure.ac
+@@ -530,7 +530,7 @@ if test "$enable_tools" != "no" || test
+ dnl replace libopts-generated files with distributed backups, if present
+ missing_baks=
+ for i in ${srcdir}/src/*-args.c.bak ${srcdir}/src/*-args.h.bak; do
+- nam=`echo $i|sed 's/.bak//g'`
++ nam=`echo $i|sed 's/\.bak$//'`
+ if test -f $i;then
+ cp -f $i $nam
+ else
diff --git a/meta/recipes-support/gnutls/gnutls_3.3.14.bb b/meta/recipes-support/gnutls/gnutls_3.3.14.bb
deleted file mode 100644
index f41d183..0000000
--- a/meta/recipes-support/gnutls/gnutls_3.3.14.bb
+++ /dev/null
@@ -1,8 +0,0 @@
-require gnutls.inc
-
-SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \
- file://configure.ac-fix-sed-command.patch \
- file://use-pkg-config-to-locate-zlib.patch \
- "
-SRC_URI[md5sum] = "7f4465f8c564cf9cb8f5cb38b909f7ca"
-SRC_URI[sha256sum] = "0dfa0030faad8909c1e904105198232d6bc0123cae8cf4933b2bac85ee7cec52"
diff --git a/meta/recipes-support/gnutls/gnutls_3.4.1.bb b/meta/recipes-support/gnutls/gnutls_3.4.1.bb
new file mode 100644
index 0000000..1b64813
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls_3.4.1.bb
@@ -0,0 +1,8 @@
+require gnutls.inc
+
+SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \
+ file://configure.ac-fix-sed-command.patch \
+ file://use-pkg-config-to-locate-zlib.patch \
+ "
+SRC_URI[md5sum] = "2d04f34fa25b45f9dcb9104c0394e12e"
+SRC_URI[sha256sum] = "e9b5f58becf34756464216056cd5abbf04315eda80a374d02699dee83f80b12e"
--
1.9.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 3/3] neon: build fix
2015-06-04 19:37 [PATCH 0/3] Gntls update to 4.3.1 Armin Kuster
2015-06-04 19:37 ` [PATCH 1/3] nettle: update package to 3.1.1 version Armin Kuster
2015-06-04 19:37 ` [PATCH 2/3] gnutls: update to 3.4.1 Armin Kuster
@ 2015-06-04 19:37 ` Armin Kuster
2015-06-09 19:02 ` Burton, Ross
2 siblings, 1 reply; 6+ messages in thread
From: Armin Kuster @ 2015-06-04 19:37 UTC (permalink / raw)
To: openembedded-core
fixup to allow building with api changes in gnutls.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../neon/neon/gnutls_4.3_fixup.patch | 53 ++++++++++++++++++++++
meta/recipes-support/neon/neon_0.30.1.bb | 3 +-
2 files changed, 55 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-support/neon/neon/gnutls_4.3_fixup.patch
diff --git a/meta/recipes-support/neon/neon/gnutls_4.3_fixup.patch b/meta/recipes-support/neon/neon/gnutls_4.3_fixup.patch
new file mode 100644
index 0000000..0020330
--- /dev/null
+++ b/meta/recipes-support/neon/neon/gnutls_4.3_fixup.patch
@@ -0,0 +1,53 @@
+replace deprecated GnuTLS functions with newer ones if available
+
+Upstream Status: Pending
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: neon-0.30.1/macros/neon.m4
+===================================================================
+--- neon-0.30.1.orig/macros/neon.m4
++++ neon-0.30.1/macros/neon.m4
+@@ -987,6 +987,10 @@ gnutls)
+ gnutls_certificate_get_x509_cas \
+ gnutls_x509_crt_sign2])
+
++ # gnutls 4.3 check
++ AC_CHECK_LIB(gnutls, gnutls_global_init)
++ AC_CHECK_FUNCS(gnutls_certificate_set_retrieve_function,,)
++
+ # fail if gnutls_x509_crt_sign2 is not found (it was introduced in 1.2.0, which is required)
+ if test x${ac_cv_func_gnutls_x509_crt_sign2} != xyes; then
+ AC_MSG_ERROR([GnuTLS version predates gnutls_x509_crt_sign2, newer version required (at least 1.2.0)])
+Index: neon-0.30.1/src/ne_gnutls.c
+===================================================================
+--- neon-0.30.1.orig/src/ne_gnutls.c
++++ neon-0.30.1/src/ne_gnutls.c
+@@ -553,7 +553,13 @@ dup_error:
+ static int provide_client_cert(gnutls_session_t session,
+ const gnutls_datum_t *req_ca_rdn, int nreqs,
+ const gnutls_pk_algorithm_t *sign_algos,
+- int sign_algos_length, gnutls_retr_st *st)
++ int sign_algos_length,
++#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION
++ gnutls_retr2_st* st
++#else
++ gnutls_retr_st *st
++#endif
++ )
+ {
+ ne_session *sess = gnutls_session_get_ptr(session);
+
+@@ -617,8 +623,11 @@ static int provide_client_cert(gnutls_se
+ #endif
+ ) {
+ NE_DEBUG(NE_DBG_SSL, "Supplying client certificate.\n");
+-
++#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION
++ st->cert_type = type;
++#else
+ st->type = type;
++#endif
+ st->ncerts = 1;
+ st->cert.x509 = &sess->client_cert->cert.subject;
+ st->key.x509 = sess->client_cert->pkey;
diff --git a/meta/recipes-support/neon/neon_0.30.1.bb b/meta/recipes-support/neon/neon_0.30.1.bb
index 9245244..bac5bac 100644
--- a/meta/recipes-support/neon/neon_0.30.1.bb
+++ b/meta/recipes-support/neon/neon_0.30.1.bb
@@ -10,7 +10,8 @@ DEPENDS_class-native = "zlib-native libxml2-native expat-native gnutls-native"
BBCLASSEXTEND = "native"
SRC_URI = "http://www.webdav.org/${BPN}/${BPN}-${PV}.tar.gz \
- file://pkgconfig.patch"
+ file://pkgconfig.patch \
+ file://gnutls_4.3_fixup.patch"
SRC_URI[md5sum] = "231adebe5c2f78fded3e3df6e958878e"
SRC_URI[sha256sum] = "00c626c0dc18d094ab374dbd9a354915bfe4776433289386ed489c2ec0845cdd"
--
1.9.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH 3/3] neon: build fix
2015-06-04 19:37 ` [PATCH 3/3] neon: build fix Armin Kuster
@ 2015-06-09 19:02 ` Burton, Ross
2015-06-12 20:32 ` akuster808
0 siblings, 1 reply; 6+ messages in thread
From: Burton, Ross @ 2015-06-09 19:02 UTC (permalink / raw)
To: Armin Kuster; +Cc: OE-core
[-- Attachment #1: Type: text/plain, Size: 994 bytes --]
On 4 June 2015 at 20:37, Armin Kuster <akuster808@gmail.com> wrote:
> fixup to allow building with api changes in gnutls.
>
My world builds shows that libmusicbrainz was failing due to neon not
linking, and to demonstrate this I added this to neon.bb:
do_compile_append() {
oe_runmake -C test
}
Et voila:
| ../x86_64-poky-linux-libtool --silent --mode=link x86_64-poky-linux-gcc
-m64 -march=corei7 -mtune=corei7 -mfpmath=sse -msse4.2
--sysroot=/data/poky-master/tmp/sysroots/intel-corei7-64 -Wl,-O1
-Wl,--hash-style=gnu -Wl,--as-needed -no-install -o lock lock.lo libtest.la
|
/data/poky-master/tmp/work/corei7-64-poky-linux/neon/0.30.1-r0/build/src/.libs/libneon.so:
undefined reference to `gnutls_certificate_client_set_retrieve_function'
|
/data/poky-master/tmp/work/corei7-64-poky-linux/neon/0.30.1-r0/build/src/.libs/libneon.so:
undefined reference to `gnutls_certificate_client_set_retrieve_function'
Neon still doesn't build with the new gnutls.
Ross
[-- Attachment #2: Type: text/html, Size: 1622 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 3/3] neon: build fix
2015-06-09 19:02 ` Burton, Ross
@ 2015-06-12 20:32 ` akuster808
0 siblings, 0 replies; 6+ messages in thread
From: akuster808 @ 2015-06-12 20:32 UTC (permalink / raw)
To: Burton, Ross; +Cc: OE-core
Ok, I got this working. I will submit a new pull request soon.
- armin
On 06/09/2015 12:02 PM, Burton, Ross wrote:
> On 4 June 2015 at 20:37, Armin Kuster <akuster808@gmail.com
> <mailto:akuster808@gmail.com>> wrote:
>
> fixup to allow building with api changes in gnutls.
>
>
> My world builds shows that libmusicbrainz was failing due to neon not
> linking, and to demonstrate this I added this to neon.bb <http://neon.bb>:
>
> do_compile_append() {
> oe_runmake -C test
> }
>
> Et voila:
>
> | ../x86_64-poky-linux-libtool --silent --mode=link
> x86_64-poky-linux-gcc -m64 -march=corei7 -mtune=corei7 -mfpmath=sse
> -msse4.2 --sysroot=/data/poky-master/tmp/sysroots/intel-corei7-64
> -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -no-install -o lock lock.lo
> libtest.la <http://libtest.la>
> |
> /data/poky-master/tmp/work/corei7-64-poky-linux/neon/0.30.1-r0/build/src/.libs/libneon.so:
> undefined reference to `gnutls_certificate_client_set_retrieve_function'
> |
> /data/poky-master/tmp/work/corei7-64-poky-linux/neon/0.30.1-r0/build/src/.libs/libneon.so:
> undefined reference to `gnutls_certificate_client_set_retrieve_function'
>
> Neon still doesn't build with the new gnutls.
>
> Ross
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2015-06-12 20:32 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-06-04 19:37 [PATCH 0/3] Gntls update to 4.3.1 Armin Kuster
2015-06-04 19:37 ` [PATCH 1/3] nettle: update package to 3.1.1 version Armin Kuster
2015-06-04 19:37 ` [PATCH 2/3] gnutls: update to 3.4.1 Armin Kuster
2015-06-04 19:37 ` [PATCH 3/3] neon: build fix Armin Kuster
2015-06-09 19:02 ` Burton, Ross
2015-06-12 20:32 ` akuster808
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.