diff options
author | Ross Burton <ross.burton@intel.com> | 2013-05-08 13:14:45 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2013-05-09 08:51:13 +0100 |
commit | 77d00c58bb85e2b7c3dee3d8549d8d31d74f4b45 (patch) | |
tree | fef68ca5573b603b477e5b8191f2b534207ac5ab | |
parent | 1abffd2ac8ee6af5ec02d5fc373130a6e22f4313 (diff) | |
download | poky-77d00c58bb85e2b7c3dee3d8549d8d31d74f4b45.tar.gz |
gnutls: upgrade to 2.12.23
Importantly, this fixes CVE-2013-1619.
Upstream doesn't use GNU as a host, so update the SRC_URI.
remove-gets.patch isn't required anymore, obsolete_automake_macros.patch is
merged upstream, and gnutls_fix_for_automake_1.12.1.patch doesn't seem to be
needed. It was merged and reverted upstream, and my build without it succeeded.
(From OE-Core rev: 9a6395076984350b1dd7005453f97233bbb43132)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-support/gnutls/gnutls.inc | 4 | ||||
-rw-r--r-- | meta/recipes-support/gnutls/gnutls/gnutls_fix_for_automake_1.12.1.patch | 43 | ||||
-rw-r--r-- | meta/recipes-support/gnutls/gnutls/obsolete_automake_macros.patch | 39 | ||||
-rw-r--r-- | meta/recipes-support/gnutls/gnutls/remove-gets.patch | 41 | ||||
-rw-r--r-- | meta/recipes-support/gnutls/gnutls_2.12.23.bb (renamed from meta/recipes-support/gnutls/gnutls_2.12.21.bb) | 8 |
5 files changed, 6 insertions, 129 deletions
diff --git a/meta/recipes-support/gnutls/gnutls.inc b/meta/recipes-support/gnutls/gnutls.inc index d6c187ffee..12cc4f114f 100644 --- a/meta/recipes-support/gnutls/gnutls.inc +++ b/meta/recipes-support/gnutls/gnutls.inc | |||
@@ -15,7 +15,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \ | |||
15 | file://lib/COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343 \ | 15 | file://lib/COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343 \ |
16 | file://libextra/COPYING;md5=d32239bcb673463ab874e80d47fae504" | 16 | file://libextra/COPYING;md5=d32239bcb673463ab874e80d47fae504" |
17 | 17 | ||
18 | SRC_URI = "${GNU_MIRROR}/gnutls/gnutls-${PV}.tar.bz2" | 18 | SHRT_VER = "${@d.getVar('PV',1).split('.')[0]}.${@d.getVar('PV',1).split('.')[1]}" |
19 | |||
20 | SRC_URI = "ftp://ftp.gnutls.org/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.bz2" | ||
19 | 21 | ||
20 | inherit autotools binconfig pkgconfig gettext lib_package | 22 | inherit autotools binconfig pkgconfig gettext lib_package |
21 | 23 | ||
diff --git a/meta/recipes-support/gnutls/gnutls/gnutls_fix_for_automake_1.12.1.patch b/meta/recipes-support/gnutls/gnutls/gnutls_fix_for_automake_1.12.1.patch deleted file mode 100644 index c742e6c9fe..0000000000 --- a/meta/recipes-support/gnutls/gnutls/gnutls_fix_for_automake_1.12.1.patch +++ /dev/null | |||
@@ -1,43 +0,0 @@ | |||
1 | Upstream-Status: Pending | ||
2 | |||
3 | Avoids these kind of warnings: | ||
4 | Warning: 'libgnutls.la': linking libtool libraries using a non-POSIX archiver requires 'AM_PROG_AR' in 'configure.ac' | ||
5 | |||
6 | Signed-Off-by: Nitin A Kamble <nitin.a.kamble@intel.com> | ||
7 | Date: 2012/07/09 | ||
8 | Index: gnutls-2.12.19/configure.ac | ||
9 | =================================================================== | ||
10 | --- gnutls-2.12.19.orig/configure.ac | ||
11 | +++ gnutls-2.12.19/configure.ac | ||
12 | @@ -28,6 +28,7 @@ AC_CONFIG_MACRO_DIR([m4]) | ||
13 | |||
14 | AM_INIT_AUTOMAKE([1.10 no-dist-gzip dist-bzip2 -Wall -Wno-override]) | ||
15 | m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) | ||
16 | +m4_ifdef([AM_PROG_AR], [AM_PROG_AR]) # required by automake 1.12 | ||
17 | AM_CONFIG_HEADER(config.h) | ||
18 | |||
19 | AC_MSG_RESULT([*** | ||
20 | Index: gnutls-2.12.19/lib/configure.ac | ||
21 | =================================================================== | ||
22 | --- gnutls-2.12.19.orig/lib/configure.ac | ||
23 | +++ gnutls-2.12.19/lib/configure.ac | ||
24 | @@ -28,6 +28,7 @@ AC_CONFIG_MACRO_DIR([m4]) | ||
25 | |||
26 | AM_INIT_AUTOMAKE([1.10 -Wall -Wno-override]) | ||
27 | m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) | ||
28 | +m4_ifdef([AM_PROG_AR], [AM_PROG_AR]) # required by automake 1.12 | ||
29 | AM_CONFIG_HEADER(config.h) | ||
30 | |||
31 | AC_PROG_CC | ||
32 | Index: gnutls-2.12.19/libextra/configure.ac | ||
33 | =================================================================== | ||
34 | --- gnutls-2.12.19.orig/libextra/configure.ac | ||
35 | +++ gnutls-2.12.19/libextra/configure.ac | ||
36 | @@ -28,6 +28,7 @@ AC_CONFIG_MACRO_DIR([m4]) | ||
37 | |||
38 | AM_INIT_AUTOMAKE([1.10 -Wall -Wno-override]) | ||
39 | m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) | ||
40 | +m4_ifdef([AM_PROG_AR], [AM_PROG_AR]) # required by automake 1.12 | ||
41 | AM_CONFIG_HEADER(config.h) | ||
42 | |||
43 | AC_PROG_CC | ||
diff --git a/meta/recipes-support/gnutls/gnutls/obsolete_automake_macros.patch b/meta/recipes-support/gnutls/gnutls/obsolete_automake_macros.patch deleted file mode 100644 index 564017878f..0000000000 --- a/meta/recipes-support/gnutls/gnutls/obsolete_automake_macros.patch +++ /dev/null | |||
@@ -1,39 +0,0 @@ | |||
1 | Upstream-Status: Submitted [https://savannah.gnu.org/support/index.php?108219] | ||
2 | |||
3 | Signed-off-by: Marko Lindqvist <cazfi74@gmail.com> | ||
4 | diff -Nurd gnutls-2.12.21/configure.ac gnutls-2.12.21/configure.ac | ||
5 | --- gnutls-2.12.21/configure.ac 2013-01-03 07:52:42.182740682 +0200 | ||
6 | +++ gnutls-2.12.21/configure.ac 2013-01-03 07:53:41.662739378 +0200 | ||
7 | @@ -29,7 +29,7 @@ | ||
8 | AM_INIT_AUTOMAKE([1.10 no-dist-gzip dist-bzip2 -Wall -Wno-override]) | ||
9 | m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) | ||
10 | m4_ifdef([AM_PROG_AR], [AM_PROG_AR]) # required by automake 1.12 | ||
11 | -AM_CONFIG_HEADER(config.h) | ||
12 | +AC_CONFIG_HEADERS(config.h) | ||
13 | |||
14 | AC_MSG_RESULT([*** | ||
15 | *** Checking for compilation programs... | ||
16 | diff -Nurd gnutls-2.12.21/lib/configure.ac gnutls-2.12.21/lib/configure.ac | ||
17 | --- gnutls-2.12.21/lib/configure.ac 2013-01-03 07:52:42.182740682 +0200 | ||
18 | +++ gnutls-2.12.21/lib/configure.ac 2013-01-03 08:07:38.150721027 +0200 | ||
19 | @@ -29,7 +29,7 @@ | ||
20 | AM_INIT_AUTOMAKE([1.10 -Wall -Wno-override]) | ||
21 | m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) | ||
22 | m4_ifdef([AM_PROG_AR], [AM_PROG_AR]) # required by automake 1.12 | ||
23 | -AM_CONFIG_HEADER(config.h) | ||
24 | +AC_CONFIG_HEADERS(config.h) | ||
25 | |||
26 | AC_PROG_CC | ||
27 | lgl_EARLY | ||
28 | diff -Nurd gnutls-2.12.21/libextra/configure.ac gnutls-2.12.21/libextra/configure.ac | ||
29 | --- gnutls-2.12.21/libextra/configure.ac 2013-01-03 07:52:42.182740682 +0200 | ||
30 | +++ gnutls-2.12.21/libextra/configure.ac 2013-01-03 08:10:56.654716669 +0200 | ||
31 | @@ -29,7 +29,7 @@ | ||
32 | AM_INIT_AUTOMAKE([1.10 -Wall -Wno-override]) | ||
33 | m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) | ||
34 | m4_ifdef([AM_PROG_AR], [AM_PROG_AR]) # required by automake 1.12 | ||
35 | -AM_CONFIG_HEADER(config.h) | ||
36 | +AC_CONFIG_HEADERS(config.h) | ||
37 | |||
38 | AC_PROG_CC | ||
39 | xgl_EARLY | ||
diff --git a/meta/recipes-support/gnutls/gnutls/remove-gets.patch b/meta/recipes-support/gnutls/gnutls/remove-gets.patch deleted file mode 100644 index 8b7df6286a..0000000000 --- a/meta/recipes-support/gnutls/gnutls/remove-gets.patch +++ /dev/null | |||
@@ -1,41 +0,0 @@ | |||
1 | eglibc 2.16 has removed gets completely | ||
2 | |||
3 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
4 | |||
5 | Upstream-Status: Pending | ||
6 | Index: gnutls-2.12.20/gl/stdio.in.h | ||
7 | =================================================================== | ||
8 | --- gnutls-2.12.20.orig/gl/stdio.in.h 2012-03-01 07:47:48.000000000 -0800 | ||
9 | +++ gnutls-2.12.20/gl/stdio.in.h 2012-07-03 18:17:57.191637189 -0700 | ||
10 | @@ -710,11 +710,13 @@ | ||
11 | _GL_CXXALIAS_SYS (gets, char *, (char *s)); | ||
12 | # undef gets | ||
13 | # endif | ||
14 | +# if defined gets | ||
15 | _GL_CXXALIASWARN (gets); | ||
16 | /* It is very rare that the developer ever has full control of stdin, | ||
17 | so any use of gets warrants an unconditional warning. Assume it is | ||
18 | always declared, since it is required by C89. */ | ||
19 | _GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead"); | ||
20 | +# endif | ||
21 | #endif | ||
22 | |||
23 | |||
24 | Index: gnutls-2.12.20/lib/gl/stdio.in.h | ||
25 | =================================================================== | ||
26 | --- gnutls-2.12.20.orig/lib/gl/stdio.in.h 2012-03-01 07:53:13.000000000 -0800 | ||
27 | +++ gnutls-2.12.20/lib/gl/stdio.in.h 2012-07-03 18:18:56.351639640 -0700 | ||
28 | @@ -710,11 +710,13 @@ | ||
29 | _GL_CXXALIAS_SYS (gets, char *, (char *s)); | ||
30 | # undef gets | ||
31 | # endif | ||
32 | +# if defined gets | ||
33 | _GL_CXXALIASWARN (gets); | ||
34 | /* It is very rare that the developer ever has full control of stdin, | ||
35 | so any use of gets warrants an unconditional warning. Assume it is | ||
36 | always declared, since it is required by C89. */ | ||
37 | _GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead"); | ||
38 | +# endif | ||
39 | #endif | ||
40 | |||
41 | |||
diff --git a/meta/recipes-support/gnutls/gnutls_2.12.21.bb b/meta/recipes-support/gnutls/gnutls_2.12.23.bb index 7b4426bf26..1575d2c614 100644 --- a/meta/recipes-support/gnutls/gnutls_2.12.21.bb +++ b/meta/recipes-support/gnutls/gnutls_2.12.23.bb | |||
@@ -5,11 +5,9 @@ PR = "${INC_PR}.4" | |||
5 | SRC_URI += "file://gnutls-openssl.patch \ | 5 | SRC_URI += "file://gnutls-openssl.patch \ |
6 | file://correct_rpl_gettimeofday_signature.patch \ | 6 | file://correct_rpl_gettimeofday_signature.patch \ |
7 | file://configure-fix.patch \ | 7 | file://configure-fix.patch \ |
8 | file://gnutls_fix_for_automake_1.12.1.patch \ | ||
9 | file://avoid_AM_PROG_MKDIR_P_warning_error_with_automake_1.12.patch \ | 8 | file://avoid_AM_PROG_MKDIR_P_warning_error_with_automake_1.12.patch \ |
10 | file://obsolete_automake_macros.patch \ | ||
11 | ${@['', 'file://fix-gettext-version.patch'][bb.data.inherits_class('native', d) or (not ((d.getVar("INCOMPATIBLE_LICENSE", True) or "").find("GPLv3") != -1))]} \ | 9 | ${@['', 'file://fix-gettext-version.patch'][bb.data.inherits_class('native', d) or (not ((d.getVar("INCOMPATIBLE_LICENSE", True) or "").find("GPLv3") != -1))]} \ |
12 | file://remove-gets.patch \ | ||
13 | " | 10 | " |
14 | SRC_URI[md5sum] = "93ffac7507dd39a4c6a672ca6976d397" | 11 | |
15 | SRC_URI[sha256sum] = "2bd020665951f38a230d6b6d98630f8c47ca6977d7d86977d356ccf17756fbf3" | 12 | SRC_URI[md5sum] = "f3c1d34bd5f113395c4be0d5dfc2b7fe" |
13 | SRC_URI[sha256sum] = "dfa67a7e40727eb0913e75f3c44911d5d8cd58d1ead5acfe73dd933fc0d17ed2" | ||