diff options
author | Armin Kuster <akuster808@gmail.com> | 2019-01-05 14:05:01 -0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-01-08 11:16:44 +0000 |
commit | 0a835727a83b8aad09875fc89296d187a82b97f6 (patch) | |
tree | ae7f486a00370b7bb0363cc9daf4b478515d11cb /meta/recipes-support/nettle/nettle-3.4.1 | |
parent | 96dee0ab5c59c96063cee4f5013ae12b93542ab8 (diff) | |
download | poky-0a835727a83b8aad09875fc89296d187a82b97f6.tar.gz |
nettle: update to 3.4.1
Bug fix only release
Include:
CVE-2018-16868 gnutls: Bleichenbacher-like side channel leakage in
PKCS#1 1.5 verification and padding oracle verification
CVE-2018-16869 nettle: Leaky data conversion exposing a manager oracle
For full details see:
http://lists.lysator.liu.se/pipermail/nettle-bugs/2018/007369.html
[V2]
Add -std=c99 to cflags
(From OE-Core rev: 8ac8fa8ee10c59a081d368a5429e0eced8dd5d3c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support/nettle/nettle-3.4.1')
4 files changed, 130 insertions, 0 deletions
diff --git a/meta/recipes-support/nettle/nettle-3.4.1/Add-target-to-only-build-tests-not-run-them.patch b/meta/recipes-support/nettle/nettle-3.4.1/Add-target-to-only-build-tests-not-run-them.patch new file mode 100644 index 0000000000..c007060ee6 --- /dev/null +++ b/meta/recipes-support/nettle/nettle-3.4.1/Add-target-to-only-build-tests-not-run-them.patch | |||
@@ -0,0 +1,38 @@ | |||
1 | Add target to only build tests (not run them) | ||
2 | |||
3 | Not sending upstream as this is only a start of a solution to | ||
4 | installable tests: It's useful for us already as is. | ||
5 | |||
6 | Upstream-Status: Inappropriate [not a complete solution] | ||
7 | |||
8 | Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> | ||
9 | Refactored for 3.4 | ||
10 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
11 | |||
12 | Index: nettle-3.4/Makefile.in | ||
13 | =================================================================== | ||
14 | --- nettle-3.4.orig/Makefile.in | ||
15 | +++ nettle-3.4/Makefile.in | ||
16 | @@ -55,6 +55,9 @@ clean distclean mostlyclean maintainer-c | ||
17 | echo "Making $@ in $$d" ; (cd $$d && $(MAKE) $@); done | ||
18 | $(MAKE) $@-here | ||
19 | |||
20 | +buildtest: | ||
21 | + echo "Making $@ in testsuite" ; (cd testsuite && $(MAKE) $@) | ||
22 | + | ||
23 | check-here: | ||
24 | true | ||
25 | |||
26 | Index: nettle-3.4/testsuite/Makefile.in | ||
27 | =================================================================== | ||
28 | --- nettle-3.4.orig/testsuite/Makefile.in | ||
29 | +++ nettle-3.4/testsuite/Makefile.in | ||
30 | @@ -131,6 +131,8 @@ $(TARGETS) $(EXTRA_TARGETS): testutils.$ | ||
31 | # data. | ||
32 | VALGRIND = valgrind --error-exitcode=1 --leak-check=full --show-reachable=yes @IF_ASM@ --partial-loads-ok=yes | ||
33 | |||
34 | +buildtest: $(TS_ALL) | ||
35 | + | ||
36 | # The PATH update is for windows dlls, DYLD_LIBRARY_PATH is for OSX. | ||
37 | check: $(TS_ALL) | ||
38 | LD_LIBRARY_PATH=../.lib PATH="../.lib:$$PATH" DYLD_LIBRARY_PATH=../.lib \ | ||
diff --git a/meta/recipes-support/nettle/nettle-3.4.1/check-header-files-of-openssl-only-if-enable_.patch b/meta/recipes-support/nettle/nettle-3.4.1/check-header-files-of-openssl-only-if-enable_.patch new file mode 100644 index 0000000000..d5f266681e --- /dev/null +++ b/meta/recipes-support/nettle/nettle-3.4.1/check-header-files-of-openssl-only-if-enable_.patch | |||
@@ -0,0 +1,36 @@ | |||
1 | From ffee6b5f6204a0210f717968ec6ce514d70acca1 Mon Sep 17 00:00:00 2001 | ||
2 | From: Haiqing Bai <Haiqing.Bai@windriver.com> | ||
3 | Date: Fri, 9 Dec 2016 15:23:17 +0800 | ||
4 | Subject: [PATCH] nettle: check header files of openssl only if | ||
5 | 'enable_openssl=yes'. | ||
6 | |||
7 | The original configure script checks openssl header files to generate | ||
8 | config.h even if 'enable_openssl' is not set to yes, this made inconsistent | ||
9 | building for nettle. | ||
10 | |||
11 | Upstream-Status: Pending | ||
12 | Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com> | ||
13 | |||
14 | refactored for 3.4. pending not in as of 3.4 | ||
15 | |||
16 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
17 | |||
18 | Index: nettle-3.4/configure.ac | ||
19 | =================================================================== | ||
20 | --- nettle-3.4.orig/configure.ac | ||
21 | +++ nettle-3.4/configure.ac | ||
22 | @@ -185,9 +185,11 @@ AC_HEADER_TIME | ||
23 | AC_CHECK_SIZEOF(long) | ||
24 | AC_CHECK_SIZEOF(size_t) | ||
25 | |||
26 | -AC_CHECK_HEADERS([openssl/evp.h openssl/ecdsa.h],, | ||
27 | -[enable_openssl=no | ||
28 | - break]) | ||
29 | +if test "x$enable_openssl" = "xyes"; then | ||
30 | + AC_CHECK_HEADERS([openssl/evp.h openssl/ecdsa.h],, | ||
31 | + [enable_openssl=no | ||
32 | + break]) | ||
33 | +fi | ||
34 | |||
35 | # For use by the testsuite | ||
36 | AC_CHECK_HEADERS([valgrind/memcheck.h]) | ||
diff --git a/meta/recipes-support/nettle/nettle-3.4.1/dlopen-test.patch b/meta/recipes-support/nettle/nettle-3.4.1/dlopen-test.patch new file mode 100644 index 0000000000..c4f0b7ea1c --- /dev/null +++ b/meta/recipes-support/nettle/nettle-3.4.1/dlopen-test.patch | |||
@@ -0,0 +1,20 @@ | |||
1 | Replace relative path of libnettle.so with absolute path so the test | ||
2 | program can find it. | ||
3 | Relative paths are not suitable, as the folder strucure for ptest | ||
4 | is different from the one expected by the nettle testsuite. | ||
5 | |||
6 | Upstream-Status: Inappropriate [embedded specific] | ||
7 | |||
8 | Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> | ||
9 | |||
10 | --- a/testsuite/dlopen-test.c 2016-10-01 00:28:38.000000000 -0700 | ||
11 | +++ b/testsuite/dlopen-test.c 2017-10-13 11:08:57.227572860 -0700 | ||
12 | @@ -9,7 +9,7 @@ | ||
13 | main (int argc UNUSED, char **argv UNUSED) | ||
14 | { | ||
15 | #if HAVE_LIBDL | ||
16 | - void *handle = dlopen ("../libnettle.so", RTLD_NOW); | ||
17 | + void *handle = dlopen ("/usr/lib/libnettle.so", RTLD_NOW); | ||
18 | int (*get_version)(void); | ||
19 | if (!handle) | ||
20 | { | ||
diff --git a/meta/recipes-support/nettle/nettle-3.4.1/run-ptest b/meta/recipes-support/nettle/nettle-3.4.1/run-ptest new file mode 100644 index 0000000000..b90bed66d2 --- /dev/null +++ b/meta/recipes-support/nettle/nettle-3.4.1/run-ptest | |||
@@ -0,0 +1,36 @@ | |||
1 | #! /bin/sh | ||
2 | |||
3 | cd testsuite | ||
4 | |||
5 | failed=0 | ||
6 | all=0 | ||
7 | |||
8 | for f in *-test; do | ||
9 | if [ "$f" = "sha1-huge-test" ] ; then | ||
10 | echo "SKIP: $f (skipped for ludicrous run time)" | ||
11 | continue | ||
12 | fi | ||
13 | |||
14 | "./$f" | ||
15 | case "$?" in | ||
16 | 0) | ||
17 | echo "PASS: $f" | ||
18 | all=$((all + 1)) | ||
19 | ;; | ||
20 | 77) | ||
21 | echo "SKIP: $f" | ||
22 | ;; | ||
23 | *) | ||
24 | echo "FAIL: $f" | ||
25 | failed=$((failed + 1)) | ||
26 | all=$((all + 1)) | ||
27 | ;; | ||
28 | esac | ||
29 | done | ||
30 | |||
31 | if [ "$failed" -eq 0 ] ; then | ||
32 | echo "All $all tests passed" | ||
33 | else | ||
34 | echo "$failed of $all tests failed" | ||
35 | fi | ||
36 | |||