diff options
| author | Simone Weiß <simone.p.weiss@posteo.com> | 2024-04-02 05:22:49 +0000 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2024-04-04 14:05:03 +0100 |
| commit | 1885588807328010aa735cedb77c7c763b998c98 (patch) | |
| tree | ecee87bf6a6edf10f27ab8a4bc6363f298c3bb69 /meta/recipes-support | |
| parent | 5b486cd1dc02d3a85725a99c0777c0a83de4a010 (diff) | |
| download | poky-1885588807328010aa735cedb77c7c763b998c98.tar.gz | |
gnutls: upgrade 3.8.3 -> 3.8.4
- Upgrade gnutls SRCREV for new version
- Refresh patches for 3.8.4
Changelog:
==========
** libgnutls: RSA-OAEP encryption scheme is now supported
To use it with an unrestricted RSA private key, one would need to
initialize a gnutls_x509_spki_t object with necessary parameters
for RSA-OAEP and attach it to the private key. It is also possible
to import restricted private keys if they are stored in PKCS#8
format.
** libgnutls: Fix side-channel in the deterministic ECDSA.
Reported by George Pantelakis (#1516).
[GNUTLS-SA-2023-12-04, CVSS: medium] [CVE-2024-28834]
** libgnutls: Fixed a bug where certtool crashed when verifying a certificate
chain with more than 16 certificates. Reported by William Woodruff (#1525)
and yixiangzhike (#1527).
[GNUTLS-SA-2024-01-23, CVSS: medium] [CVE-2024-28835]
** libgnutls: Compression libraries are now loaded dynamically as needed
instead of all being loaded during gnutls library initialization.
As a result, the library initialization should be faster.
** build: The gnutls library can now be linked with the static library
of GMP. Note that in order for this to work libgmp.a needs to be
compiled with -fPIC and libhogweed in Nettle also has to be linked
to the static library of GMP. This can be used to prevent custom
memory allocators from being overriden by other applications.
** API and ABI modifications:
gnutls_x509_spki_get_rsa_oaep_params: New function.
gnutls_x509_spki_set_rsa_oaep_params: New function.
GNUTLS_PK_RSA_OAEP: New enum member of gnutls_pk_algorithm_t.
(From OE-Core rev: feaa2b8065c7a02b52aa55954f05a3ee66260305)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support')
| -rw-r--r-- | meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch | 7 | ||||
| -rw-r--r-- | meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch | 11 | ||||
| -rw-r--r-- | meta/recipes-support/gnutls/gnutls/arm_eabi.patch | 7 | ||||
| -rw-r--r-- | meta/recipes-support/gnutls/gnutls_3.8.4.bb (renamed from meta/recipes-support/gnutls/gnutls_3.8.3.bb) | 2 |
4 files changed, 11 insertions, 16 deletions
diff --git a/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch b/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch index 4bdc40d932..d13bfee8ef 100644 --- a/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch +++ b/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From 21a8295bac3805e4490ba2b5f136e7f4c121061b Mon Sep 17 00:00:00 2001 | 1 | From 7be8ec59a53e93c2bd453b3ba2d63d1b300ef11f Mon Sep 17 00:00:00 2001 |
| 2 | From: Lei Maohui <leimaohui@fujitsu.com> | 2 | From: Lei Maohui <leimaohui@fujitsu.com> |
| 3 | Date: Mon, 23 May 2022 10:44:43 +0900 | 3 | Date: Mon, 23 May 2022 10:44:43 +0900 |
| 4 | Subject: [PATCH] Creating .hmac file should be excuted in target environment, | 4 | Subject: [PATCH] Creating .hmac file should be excuted in target environment, |
| @@ -6,16 +6,15 @@ Subject: [PATCH] Creating .hmac file should be excuted in target environment, | |||
| 6 | 6 | ||
| 7 | Upstream-Status: Inappropriate [https://gitlab.com/gnutls/gnutls/-/issues/1373] | 7 | Upstream-Status: Inappropriate [https://gitlab.com/gnutls/gnutls/-/issues/1373] |
| 8 | Signed-off-by: Lei Maohui <leimaohui@fujitsu.com> | 8 | Signed-off-by: Lei Maohui <leimaohui@fujitsu.com> |
| 9 | |||
| 10 | --- | 9 | --- |
| 11 | lib/Makefile.am | 3 +-- | 10 | lib/Makefile.am | 3 +-- |
| 12 | 1 file changed, 1 insertion(+), 2 deletions(-) | 11 | 1 file changed, 1 insertion(+), 2 deletions(-) |
| 13 | 12 | ||
| 14 | diff --git a/lib/Makefile.am b/lib/Makefile.am | 13 | diff --git a/lib/Makefile.am b/lib/Makefile.am |
| 15 | index 6d4e8d2..24ef108 100644 | 14 | index a50d311..193ea19 100644 |
| 16 | --- a/lib/Makefile.am | 15 | --- a/lib/Makefile.am |
| 17 | +++ b/lib/Makefile.am | 16 | +++ b/lib/Makefile.am |
| 18 | @@ -206,8 +206,7 @@ hmac_file = .libs/.$(gnutls_so).hmac | 17 | @@ -198,8 +198,7 @@ hmac_file = .libs/.$(gnutls_so).hmac |
| 19 | 18 | ||
| 20 | all-local: $(hmac_file) | 19 | all-local: $(hmac_file) |
| 21 | 20 | ||
diff --git a/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch b/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch index f87cf536fa..1152d3797f 100644 --- a/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch +++ b/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch | |||
| @@ -1,11 +1,10 @@ | |||
| 1 | From 81861f7ba690956c064ebe8dce6c313951fa2a9f Mon Sep 17 00:00:00 2001 | 1 | From ff6a345235b2585c261752e47a749228672b07dc Mon Sep 17 00:00:00 2001 |
| 2 | From: Ravineet Singh <ravineet.a.singh@est.tech> | 2 | From: Ravineet Singh <ravineet.a.singh@est.tech> |
| 3 | Date: Tue, 10 Jan 2023 16:11:10 +0100 | 3 | Date: Tue, 10 Jan 2023 16:11:10 +0100 |
| 4 | Subject: [PATCH] gnutls: add ptest support | 4 | Subject: [PATCH] gnutls: add ptest support |
| 5 | 5 | ||
| 6 | Upstream-Status: Inappropriate [embedded specific] | 6 | Upstream-Status: Inappropriate [embedded specific] |
| 7 | Signed-off-by: Ravineet Singh <ravineet.a.singh@est.tech> | 7 | Signed-off-by: Ravineet Singh <ravineet.a.singh@est.tech> |
| 8 | |||
| 9 | --- | 8 | --- |
| 10 | Makefile.am | 3 +++ | 9 | Makefile.am | 3 +++ |
| 11 | configure.ac | 2 ++ | 10 | configure.ac | 2 ++ |
| @@ -27,10 +26,10 @@ index 843193f..816b09f 100644 | |||
| 27 | 26 | ||
| 28 | include $(top_srcdir)/cligen/cligen.mk | 27 | include $(top_srcdir)/cligen/cligen.mk |
| 29 | diff --git a/configure.ac b/configure.ac | 28 | diff --git a/configure.ac b/configure.ac |
| 30 | index b25ba14..860ddef 100644 | 29 | index d6e03cf..e3f15fb 100644 |
| 31 | --- a/configure.ac | 30 | --- a/configure.ac |
| 32 | +++ b/configure.ac | 31 | +++ b/configure.ac |
| 33 | @@ -1150,6 +1150,8 @@ AC_SUBST(LIBGNUTLS_CFLAGS) | 32 | @@ -1213,6 +1213,8 @@ AC_SUBST(LIBGNUTLS_CFLAGS) |
| 34 | 33 | ||
| 35 | AM_CONDITIONAL(NEEDS_LIBRT, test "$gnutls_needs_librt" = "yes") | 34 | AM_CONDITIONAL(NEEDS_LIBRT, test "$gnutls_needs_librt" = "yes") |
| 36 | 35 | ||
| @@ -40,10 +39,10 @@ index b25ba14..860ddef 100644 | |||
| 40 | 39 | ||
| 41 | hw_features= | 40 | hw_features= |
| 42 | diff --git a/tests/Makefile.am b/tests/Makefile.am | 41 | diff --git a/tests/Makefile.am b/tests/Makefile.am |
| 43 | index d530ad0..71c592f 100644 | 42 | index fb9e55a..c2d226a 100644 |
| 44 | --- a/tests/Makefile.am | 43 | --- a/tests/Makefile.am |
| 45 | +++ b/tests/Makefile.am | 44 | +++ b/tests/Makefile.am |
| 46 | @@ -648,6 +648,12 @@ SH_LOG_COMPILER = $(SHELL) | 45 | @@ -658,6 +658,12 @@ SH_LOG_COMPILER = $(SHELL) |
| 47 | AM_VALGRINDFLAGS = --suppressions=$(srcdir)/suppressions.valgrind | 46 | AM_VALGRINDFLAGS = --suppressions=$(srcdir)/suppressions.valgrind |
| 48 | LOG_COMPILER = $(LOG_VALGRIND) | 47 | LOG_COMPILER = $(LOG_VALGRIND) |
| 49 | 48 | ||
diff --git a/meta/recipes-support/gnutls/gnutls/arm_eabi.patch b/meta/recipes-support/gnutls/gnutls/arm_eabi.patch index fe3f031fdc..883d0123db 100644 --- a/meta/recipes-support/gnutls/gnutls/arm_eabi.patch +++ b/meta/recipes-support/gnutls/gnutls/arm_eabi.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From 5810d97281bb30edb786de9946e5c13186eff6a2 Mon Sep 17 00:00:00 2001 | 1 | From d17ae0ef31c3c186766a338e8c40c87d1b98820e Mon Sep 17 00:00:00 2001 |
| 2 | From: Joe Slater <jslater@windriver.com> | 2 | From: Joe Slater <jslater@windriver.com> |
| 3 | Date: Wed, 25 Jan 2017 13:52:59 -0800 | 3 | Date: Wed, 25 Jan 2017 13:52:59 -0800 |
| 4 | Subject: [PATCH] gnutls: account for ARM_EABI | 4 | Subject: [PATCH] gnutls: account for ARM_EABI |
| @@ -14,7 +14,7 @@ Signed-off-by: Joe Slater <jslater@windriver.com> | |||
| 14 | 1 file changed, 2 insertions(+) | 14 | 1 file changed, 2 insertions(+) |
| 15 | 15 | ||
| 16 | diff --git a/tests/seccomp.c b/tests/seccomp.c | 16 | diff --git a/tests/seccomp.c b/tests/seccomp.c |
| 17 | index 86442a5..03a5aa8 100644 | 17 | index 881f0bb..5f9204a 100644 |
| 18 | --- a/tests/seccomp.c | 18 | --- a/tests/seccomp.c |
| 19 | +++ b/tests/seccomp.c | 19 | +++ b/tests/seccomp.c |
| 20 | @@ -55,7 +55,9 @@ int disable_system_calls(void) | 20 | @@ -55,7 +55,9 @@ int disable_system_calls(void) |
| @@ -27,6 +27,3 @@ index 86442a5..03a5aa8 100644 | |||
| 27 | ADD_SYSCALL(getpid, 0); | 27 | ADD_SYSCALL(getpid, 0); |
| 28 | ADD_SYSCALL(gettimeofday, 0); | 28 | ADD_SYSCALL(gettimeofday, 0); |
| 29 | #if defined(HAVE_CLOCK_GETTIME) | 29 | #if defined(HAVE_CLOCK_GETTIME) |
| 30 | -- | ||
| 31 | 2.30.2 | ||
| 32 | |||
diff --git a/meta/recipes-support/gnutls/gnutls_3.8.3.bb b/meta/recipes-support/gnutls/gnutls_3.8.4.bb index 27d6753be0..20139b4dd4 100644 --- a/meta/recipes-support/gnutls/gnutls_3.8.3.bb +++ b/meta/recipes-support/gnutls/gnutls_3.8.4.bb | |||
| @@ -25,7 +25,7 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar | |||
| 25 | file://Add-ptest-support.patch \ | 25 | file://Add-ptest-support.patch \ |
| 26 | " | 26 | " |
| 27 | 27 | ||
| 28 | SRC_URI[sha256sum] = "f74fc5954b27d4ec6dfbb11dea987888b5b124289a3703afcada0ee520f4173e" | 28 | SRC_URI[sha256sum] = "2bea4e154794f3f00180fa2a5c51fe8b005ac7a31cd58bd44cdfa7f36ebc3a9b" |
| 29 | 29 | ||
| 30 | inherit autotools texinfo pkgconfig gettext lib_package gtk-doc ptest | 30 | inherit autotools texinfo pkgconfig gettext lib_package gtk-doc ptest |
| 31 | 31 | ||