gnutls: update to 3.5.5

Remove backported 0001-Use-correct-include-dir-with-minitasn.patch and CVE-2016-7444.patch (which still applied silently and incorrectly: https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450). (From OE-Core rev: 118b7233721c374314b9ceca5a101e772a29d8c3) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Alexander Kanavin <alexander.kanavin@linux.intel.com> 2016-10-18 17:05:13 +0300
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-10-28 16:15:18 +0100
commit: ff30ef9d5499171fe1798015c37ff7762e6a8e2b (patch)
tree: c0b398c304e0c33b9f93a69fbe4943819d3f61d4 /meta/recipes-support/gnutls
parent: 6e0980decbb492b299e7cceddd95d7b12199b2f7 (diff)
download: poky-ff30ef9d5499171fe1798015c37ff7762e6a8e2b.tar.gz
4 files changed, 9 insertions, 79 deletions
diff --git a/meta/recipes-support/gnutls/gnutls/0001-Use-correct-include-dir-with-minitasn.patch b/meta/recipes-support/gnutls/gnutls/0001-Use-correct-include-dir-with-minitasn.patch
deleted file mode 100644
index d7dd7cf69b..0000000000
--- a/meta/recipes-support/gnutls/gnutls/0001-Use-correct-include-dir-with-minitasn.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 2651b08477f42dd7a05ea7d6df410fb2c46de4fb Mon Sep 17 00:00:00 2001
-From: Jussi Kukkonen <jussi.kukkonen@intel.com>
-Date: Wed, 31 Aug 2016 11:04:06 +0300
-Subject: [PATCH] Use correct include dir with minitasn
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-This allows compiling certtool-cfg without libtasn headers.
-Upstream-Status: Submitted [https://gitlab.com/gnutls/gnutls/merge_requests/54]
-Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
---
- src/Makefile.am | 1 +
- 1 file changed, 1 insertion(+)
-diff --git a/src/Makefile.am b/src/Makefile.am
-index 182f3a5..cf65388 100644
--- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -146,6 +146,7 @@ libcmd_cli_debug_la_SOURCES = cli-debug-args.def cli-debug-args.c cli-debug-args
- COMMON_LIBS = $(LIBOPTS) $(LTLIBINTL)
- if ENABLE_MINITASN1
- COMMON_LIBS += ../lib/minitasn1/libminitasn1.la ../gl/libgnu.la 
-+AM_CPPFLAGS += -I$(top_srcdir)/lib/minitasn1
- else
- COMMON_LIBS += $(LIBTASN1_LIBS)
- endif
-- 
-2.9.3
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch b/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch
deleted file mode 100644
index 215be5a8ec..0000000000
--- a/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-CVE: CVE-2016-7444
-Upstream-Status: Backport
-Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
-Upstream commit follows:
-From 964632f37dfdfb914ebc5e49db4fa29af35b1de9 Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-Date: Sat, 27 Aug 2016 17:00:22 +0200
-Subject: [PATCH] ocsp: corrected the comparison of the serial size in OCSP response
-Previously the OCSP certificate check wouldn't verify the serial length
-and could succeed in cases it shouldn't.
-Reported by Stefan Buehler.
---
- lib/x509/ocsp.c | 1 +
- 1 file changed, 1 insertion(+), 0 deletions(-)
-diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
-index 92db9b6..8181f2e 100644
--- a/lib/x509/ocsp.c
-+++ b/lib/x509/ocsp.c
-@@ -1318,6 +1318,7 @@ gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_t resp,
-                gnutls_assert();
-                goto cleanup;
-        }
-+       cserial.size = t;
- 
-        if (rserial.size != cserial.size
-            || memcmp(cserial.data, rserial.data, rserial.size) != 0) {
--
-libgit2 0.24.0
diff --git a/meta/recipes-support/gnutls/gnutls_3.5.3.bb b/meta/recipes-support/gnutls/gnutls_3.5.3.bb
deleted file mode 100644
index b2dbb07124..0000000000
--- a/meta/recipes-support/gnutls/gnutls_3.5.3.bb
+++ /dev/null
@@ -1,13 +0,0 @@
-require gnutls.inc
-SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \
-            file://0001-configure.ac-fix-sed-command.patch \
-            file://use-pkg-config-to-locate-zlib.patch \
-            file://0001-Use-correct-include-dir-with-minitasn.patch \
-            file://CVE-2016-7444.patch \
-           "
-SRC_URI[md5sum] = "6c2c7f40ddf52933ee3ca474cb8cb63c"
-SRC_URI[sha256sum] = "92c4bc999a10a1b95299ebefaeea8333f19d8a98d957a35b5eae74881bdb1fef"
-# x86 .text relocations should be fixed from 3.5.5 onwards
-INSANE_SKIP_${PN}_append_x86 = " textrel"
diff --git a/meta/recipes-support/gnutls/gnutls_3.5.5.bb b/meta/recipes-support/gnutls/gnutls_3.5.5.bb
new file mode 100644
index 0000000000..d255959e23
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls_3.5.5.bb
@@ -0,0 +1,9 @@
+require gnutls.inc
+SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \
+            file://0001-configure.ac-fix-sed-command.patch \
+            file://use-pkg-config-to-locate-zlib.patch \
+           "
+SRC_URI[md5sum] = "fb84c4d7922c1545da8dda4dcb9487d4"
+SRC_URI[sha256sum] = "86994fe7804ee16d2811e366b9bf2f75304f8e470ae0e3716d60ffeedac0e529"
author	Alexander Kanavin <alexander.kanavin@linux.intel.com>	2016-10-18 17:05:13 +0300
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-10-28 16:15:18 +0100
commit	ff30ef9d5499171fe1798015c37ff7762e6a8e2b (patch)
tree	c0b398c304e0c33b9f93a69fbe4943819d3f61d4 /meta/recipes-support/gnutls
parent	6e0980decbb492b299e7cceddd95d7b12199b2f7 (diff)
download	poky-ff30ef9d5499171fe1798015c37ff7762e6a8e2b.tar.gz

diff --git a/meta/recipes-support/gnutls/gnutls/0001-Use-correct-include-dir-with-minitasn.patch b/meta/recipes-support/gnutls/gnutls/0001-Use-correct-include-dir-with-minitasn.patch deleted file mode 100644 index d7dd7cf69b..0000000000 --- a/meta/recipes-support/gnutls/gnutls/0001-Use-correct-include-dir-with-minitasn.patch +++ /dev/null
@@ -1,31 +0,0 @@
1	From 2651b08477f42dd7a05ea7d6df410fb2c46de4fb Mon Sep 17 00:00:00 2001
2	From: Jussi Kukkonen <jussi.kukkonen@intel.com>
3	Date: Wed, 31 Aug 2016 11:04:06 +0300
4	Subject: [PATCH] Use correct include dir with minitasn
5	MIME-Version: 1.0
6	Content-Type: text/plain; charset=UTF-8
7	Content-Transfer-Encoding: 8bit
8
9	This allows compiling certtool-cfg without libtasn headers.
10
11	Upstream-Status: Submitted [https://gitlab.com/gnutls/gnutls/merge_requests/54]
12	Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
13	---
14	src/Makefile.am \| 1 +
15	1 file changed, 1 insertion(+)
16
17	diff --git a/src/Makefile.am b/src/Makefile.am
18	index 182f3a5..cf65388 100644
19	--- a/src/Makefile.am
20	+++ b/src/Makefile.am
21	@@ -146,6 +146,7 @@ libcmd_cli_debug_la_SOURCES = cli-debug-args.def cli-debug-args.c cli-debug-args
22	COMMON_LIBS = $(LIBOPTS) $(LTLIBINTL)
23	if ENABLE_MINITASN1
24	COMMON_LIBS += ../lib/minitasn1/libminitasn1.la ../gl/libgnu.la
25	+AM_CPPFLAGS += -I$(top_srcdir)/lib/minitasn1
26	else
27	COMMON_LIBS += $(LIBTASN1_LIBS)
28	endif
29	--
30	2.9.3
31


diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch b/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch deleted file mode 100644 index 215be5a8ec..0000000000 --- a/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch +++ /dev/null
@@ -1,35 +0,0 @@
1	CVE: CVE-2016-7444
2	Upstream-Status: Backport
3	Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
4
5	Upstream commit follows:
6
7
8	From 964632f37dfdfb914ebc5e49db4fa29af35b1de9 Mon Sep 17 00:00:00 2001
9	From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10	Date: Sat, 27 Aug 2016 17:00:22 +0200
11	Subject: [PATCH] ocsp: corrected the comparison of the serial size in OCSP response
12
13	Previously the OCSP certificate check wouldn't verify the serial length
14	and could succeed in cases it shouldn't.
15
16	Reported by Stefan Buehler.
17	---
18	lib/x509/ocsp.c \| 1 +
19	1 file changed, 1 insertion(+), 0 deletions(-)
20
21	diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
22	index 92db9b6..8181f2e 100644
23	--- a/lib/x509/ocsp.c
24	+++ b/lib/x509/ocsp.c
25	@@ -1318,6 +1318,7 @@ gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_t resp,
26	gnutls_assert();
27	goto cleanup;
28	}
29	+ cserial.size = t;
30
31	if (rserial.size != cserial.size
32	\|\| memcmp(cserial.data, rserial.data, rserial.size) != 0) {
33	--
34	libgit2 0.24.0
35


diff --git a/meta/recipes-support/gnutls/gnutls_3.5.3.bb b/meta/recipes-support/gnutls/gnutls_3.5.3.bb deleted file mode 100644 index b2dbb07124..0000000000 --- a/meta/recipes-support/gnutls/gnutls_3.5.3.bb +++ /dev/null
@@ -1,13 +0,0 @@
1	require gnutls.inc
2
3	SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \
4	file://0001-configure.ac-fix-sed-command.patch \
5	file://use-pkg-config-to-locate-zlib.patch \
6	file://0001-Use-correct-include-dir-with-minitasn.patch \
7	file://CVE-2016-7444.patch \
8	"
9	SRC_URI[md5sum] = "6c2c7f40ddf52933ee3ca474cb8cb63c"
10	SRC_URI[sha256sum] = "92c4bc999a10a1b95299ebefaeea8333f19d8a98d957a35b5eae74881bdb1fef"
11
12	# x86 .text relocations should be fixed from 3.5.5 onwards
13	INSANE_SKIP_${PN}_append_x86 = " textrel"


diff --git a/meta/recipes-support/gnutls/gnutls_3.5.5.bb b/meta/recipes-support/gnutls/gnutls_3.5.5.bb new file mode 100644 index 0000000000..d255959e23 --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls_3.5.5.bb
@@ -0,0 +1,9 @@
		1	require gnutls.inc
		2
		3	SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \
		4	file://0001-configure.ac-fix-sed-command.patch \
		5	file://use-pkg-config-to-locate-zlib.patch \
		6	"
		7	SRC_URI[md5sum] = "fb84c4d7922c1545da8dda4dcb9487d4"
		8	SRC_URI[sha256sum] = "86994fe7804ee16d2811e366b9bf2f75304f8e470ae0e3716d60ffeedac0e529"
		9