diff options
Diffstat (limited to 'meta/recipes-support/gnutls')
-rw-r--r-- | meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch | 26 | ||||
-rw-r--r-- | meta/recipes-support/gnutls/gnutls/0001-Fix-RSAES-PKCS1-v1_5-system-wide-configuration.patch | 269 | ||||
-rw-r--r-- | meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch | 57 | ||||
-rw-r--r-- | meta/recipes-support/gnutls/gnutls/arm_eabi.patch | 7 | ||||
-rw-r--r-- | meta/recipes-support/gnutls/gnutls/run-ptest | 100 | ||||
-rw-r--r-- | meta/recipes-support/gnutls/gnutls_3.7.0.bb | 67 | ||||
-rw-r--r-- | meta/recipes-support/gnutls/gnutls_3.8.5.bb | 101 | ||||
-rw-r--r-- | meta/recipes-support/gnutls/libtasn1/dont-depend-on-help2man.patch | 26 | ||||
-rw-r--r-- | meta/recipes-support/gnutls/libtasn1_4.19.0.bb (renamed from meta/recipes-support/gnutls/libtasn1_4.16.0.bb) | 13 |
9 files changed, 582 insertions, 84 deletions
diff --git a/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch b/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch new file mode 100644 index 0000000000..d13bfee8ef --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch | |||
@@ -0,0 +1,26 @@ | |||
1 | From 7be8ec59a53e93c2bd453b3ba2d63d1b300ef11f Mon Sep 17 00:00:00 2001 | ||
2 | From: Lei Maohui <leimaohui@fujitsu.com> | ||
3 | Date: Mon, 23 May 2022 10:44:43 +0900 | ||
4 | Subject: [PATCH] Creating .hmac file should be excuted in target environment, | ||
5 | so deleted it from build process. | ||
6 | |||
7 | Upstream-Status: Inappropriate [https://gitlab.com/gnutls/gnutls/-/issues/1373] | ||
8 | Signed-off-by: Lei Maohui <leimaohui@fujitsu.com> | ||
9 | --- | ||
10 | lib/Makefile.am | 3 +-- | ||
11 | 1 file changed, 1 insertion(+), 2 deletions(-) | ||
12 | |||
13 | diff --git a/lib/Makefile.am b/lib/Makefile.am | ||
14 | index a50d311..193ea19 100644 | ||
15 | --- a/lib/Makefile.am | ||
16 | +++ b/lib/Makefile.am | ||
17 | @@ -198,8 +198,7 @@ hmac_file = .libs/.$(gnutls_so).hmac | ||
18 | |||
19 | all-local: $(hmac_file) | ||
20 | |||
21 | -$(hmac_file): libgnutls.la fipshmac | ||
22 | - $(AM_V_GEN) $(builddir)/fipshmac > $@-t && mv $@-t $@ | ||
23 | +.libs/.$(gnutls_so).hmac: | ||
24 | |||
25 | CLEANFILES = $(hmac_file) | ||
26 | endif | ||
diff --git a/meta/recipes-support/gnutls/gnutls/0001-Fix-RSAES-PKCS1-v1_5-system-wide-configuration.patch b/meta/recipes-support/gnutls/gnutls/0001-Fix-RSAES-PKCS1-v1_5-system-wide-configuration.patch new file mode 100644 index 0000000000..cc39f5c9a5 --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/0001-Fix-RSAES-PKCS1-v1_5-system-wide-configuration.patch | |||
@@ -0,0 +1,269 @@ | |||
1 | From 2d73d945c4b1dfcf8d2328c4d23187d62ffaab2d Mon Sep 17 00:00:00 2001 | ||
2 | From: Zoltan Fridrich <zfridric@redhat.com> | ||
3 | Date: Wed, 10 Apr 2024 12:51:33 +0200 | ||
4 | Subject: [PATCH] Fix RSAES-PKCS1-v1_5 system-wide configuration | ||
5 | |||
6 | Upstream-Status: Backport [expected for 3.8.6 https://gitlab.com/gnutls/gnutls/-/merge_requests/1830?commit_id=2d73d945c4b1dfcf8d2328c4d23187d62ffaab2d] | ||
7 | |||
8 | Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com> | ||
9 | Signed-off-by: Zoltan Fridrich <zfridric@redhat.com> | ||
10 | --- | ||
11 | lib/priority.c | 125 +++++++++++------- | ||
12 | ...system-override-allow-rsa-pkcs1-encrypt.sh | 27 +++- | ||
13 | 2 files changed, 96 insertions(+), 56 deletions(-) | ||
14 | |||
15 | diff --git a/lib/priority.c b/lib/priority.c | ||
16 | index 8abe00d1ff..3434619aad 100644 | ||
17 | --- a/lib/priority.c | ||
18 | +++ b/lib/priority.c | ||
19 | @@ -1018,6 +1018,12 @@ struct cfg { | ||
20 | bool force_ext_master_secret_set; | ||
21 | }; | ||
22 | |||
23 | +static inline void cfg_init(struct cfg *cfg) | ||
24 | +{ | ||
25 | + memset(cfg, 0, sizeof(*cfg)); | ||
26 | + cfg->allow_rsa_pkcs1_encrypt = true; | ||
27 | +} | ||
28 | + | ||
29 | static inline void cfg_deinit(struct cfg *cfg) | ||
30 | { | ||
31 | if (cfg->priority_strings) { | ||
32 | @@ -1095,6 +1101,12 @@ struct ini_ctx { | ||
33 | size_t curves_size; | ||
34 | }; | ||
35 | |||
36 | +static inline void ini_ctx_init(struct ini_ctx *ctx) | ||
37 | +{ | ||
38 | + memset(ctx, 0, sizeof(*ctx)); | ||
39 | + cfg_init(&ctx->cfg); | ||
40 | +} | ||
41 | + | ||
42 | static inline void ini_ctx_deinit(struct ini_ctx *ctx) | ||
43 | { | ||
44 | cfg_deinit(&ctx->cfg); | ||
45 | @@ -1423,9 +1435,6 @@ static inline int cfg_apply(struct cfg *cfg, struct ini_ctx *ctx) | ||
46 | _gnutls_default_priority_string = cfg->default_priority_string; | ||
47 | } | ||
48 | |||
49 | - /* enable RSA-PKCS1-V1_5 by default */ | ||
50 | - cfg->allow_rsa_pkcs1_encrypt = true; | ||
51 | - | ||
52 | if (cfg->allowlisting) { | ||
53 | /* also updates `flags` of global `hash_algorithms[]` */ | ||
54 | ret = cfg_hashes_set_array(cfg, ctx->hashes, ctx->hashes_size); | ||
55 | @@ -2217,22 +2226,73 @@ update_system_wide_priority_string(void) | ||
56 | return 0; | ||
57 | } | ||
58 | |||
59 | +/* Returns false on parse error, otherwise true. | ||
60 | + * The system_wide_config must be locked for writing. | ||
61 | + */ | ||
62 | +static inline bool load_system_priority_file(void) | ||
63 | +{ | ||
64 | + int err; | ||
65 | + FILE *fp; | ||
66 | + struct ini_ctx ctx; | ||
67 | + | ||
68 | + cfg_init(&system_wide_config); | ||
69 | + | ||
70 | + fp = fopen(system_priority_file, "re"); | ||
71 | + if (fp == NULL) { | ||
72 | + _gnutls_debug_log("cfg: unable to open: %s: %d\n", | ||
73 | + system_priority_file, errno); | ||
74 | + return true; | ||
75 | + } | ||
76 | + | ||
77 | + /* Parsing the configuration file needs to be done in 2 phases: | ||
78 | + * first parsing the [global] section | ||
79 | + * and then the other sections, | ||
80 | + * because the [global] section modifies the parsing behavior. | ||
81 | + */ | ||
82 | + ini_ctx_init(&ctx); | ||
83 | + err = ini_parse_file(fp, global_ini_handler, &ctx); | ||
84 | + if (!err) { | ||
85 | + if (fseek(fp, 0L, SEEK_SET) < 0) { | ||
86 | + _gnutls_debug_log("cfg: unable to rewind: %s\n", | ||
87 | + system_priority_file); | ||
88 | + if (fail_on_invalid_config) | ||
89 | + exit(1); | ||
90 | + } | ||
91 | + err = ini_parse_file(fp, cfg_ini_handler, &ctx); | ||
92 | + } | ||
93 | + fclose(fp); | ||
94 | + if (err) { | ||
95 | + ini_ctx_deinit(&ctx); | ||
96 | + _gnutls_debug_log("cfg: unable to parse: %s: %d\n", | ||
97 | + system_priority_file, err); | ||
98 | + return false; | ||
99 | + } | ||
100 | + cfg_apply(&system_wide_config, &ctx); | ||
101 | + ini_ctx_deinit(&ctx); | ||
102 | + return true; | ||
103 | +} | ||
104 | + | ||
105 | static int _gnutls_update_system_priorities(bool defer_system_wide) | ||
106 | { | ||
107 | - int ret, err = 0; | ||
108 | + int ret; | ||
109 | + bool config_parse_error = false; | ||
110 | struct stat sb; | ||
111 | - FILE *fp; | ||
112 | gnutls_buffer_st buf; | ||
113 | - struct ini_ctx ctx; | ||
114 | |||
115 | ret = gnutls_rwlock_rdlock(&system_wide_config_rwlock); | ||
116 | - if (ret < 0) { | ||
117 | + if (ret < 0) | ||
118 | return gnutls_assert_val(ret); | ||
119 | - } | ||
120 | |||
121 | if (stat(system_priority_file, &sb) < 0) { | ||
122 | _gnutls_debug_log("cfg: unable to access: %s: %d\n", | ||
123 | system_priority_file, errno); | ||
124 | + | ||
125 | + (void)gnutls_rwlock_unlock(&system_wide_config_rwlock); | ||
126 | + ret = gnutls_rwlock_wrlock(&system_wide_config_rwlock); | ||
127 | + if (ret < 0) | ||
128 | + goto out; | ||
129 | + /* If system-wide config is unavailable, apply the defaults */ | ||
130 | + cfg_init(&system_wide_config); | ||
131 | goto out; | ||
132 | } | ||
133 | |||
134 | @@ -2240,63 +2300,27 @@ static int _gnutls_update_system_priorities(bool defer_system_wide) | ||
135 | system_priority_last_mod == sb.st_mtime) { | ||
136 | _gnutls_debug_log("cfg: system priority %s has not changed\n", | ||
137 | system_priority_file); | ||
138 | - if (system_wide_config.priority_string) { | ||
139 | + if (system_wide_config.priority_string) | ||
140 | goto out; /* nothing to do */ | ||
141 | - } | ||
142 | } | ||
143 | |||
144 | (void)gnutls_rwlock_unlock(&system_wide_config_rwlock); | ||
145 | |||
146 | ret = gnutls_rwlock_wrlock(&system_wide_config_rwlock); | ||
147 | - if (ret < 0) { | ||
148 | + if (ret < 0) | ||
149 | return gnutls_assert_val(ret); | ||
150 | - } | ||
151 | |||
152 | /* Another thread could have successfully re-read system-wide config, | ||
153 | * skip re-reading if the mtime it has used is exactly the same. | ||
154 | */ | ||
155 | - if (system_priority_file_loaded) { | ||
156 | + if (system_priority_file_loaded) | ||
157 | system_priority_file_loaded = | ||
158 | (system_priority_last_mod == sb.st_mtime); | ||
159 | - } | ||
160 | |||
161 | if (!system_priority_file_loaded) { | ||
162 | - _name_val_array_clear(&system_wide_config.priority_strings); | ||
163 | - | ||
164 | - gnutls_free(system_wide_config.priority_string); | ||
165 | - system_wide_config.priority_string = NULL; | ||
166 | - | ||
167 | - fp = fopen(system_priority_file, "re"); | ||
168 | - if (fp == NULL) { | ||
169 | - _gnutls_debug_log("cfg: unable to open: %s: %d\n", | ||
170 | - system_priority_file, errno); | ||
171 | + config_parse_error = !load_system_priority_file(); | ||
172 | + if (config_parse_error) | ||
173 | goto out; | ||
174 | - } | ||
175 | - /* Parsing the configuration file needs to be done in 2 phases: | ||
176 | - * first parsing the [global] section | ||
177 | - * and then the other sections, | ||
178 | - * because the [global] section modifies the parsing behavior. | ||
179 | - */ | ||
180 | - memset(&ctx, 0, sizeof(ctx)); | ||
181 | - err = ini_parse_file(fp, global_ini_handler, &ctx); | ||
182 | - if (!err) { | ||
183 | - if (fseek(fp, 0L, SEEK_SET) < 0) { | ||
184 | - _gnutls_debug_log("cfg: unable to rewind: %s\n", | ||
185 | - system_priority_file); | ||
186 | - if (fail_on_invalid_config) | ||
187 | - exit(1); | ||
188 | - } | ||
189 | - err = ini_parse_file(fp, cfg_ini_handler, &ctx); | ||
190 | - } | ||
191 | - fclose(fp); | ||
192 | - if (err) { | ||
193 | - ini_ctx_deinit(&ctx); | ||
194 | - _gnutls_debug_log("cfg: unable to parse: %s: %d\n", | ||
195 | - system_priority_file, err); | ||
196 | - goto out; | ||
197 | - } | ||
198 | - cfg_apply(&system_wide_config, &ctx); | ||
199 | - ini_ctx_deinit(&ctx); | ||
200 | _gnutls_debug_log("cfg: loaded system config %s mtime %lld\n", | ||
201 | system_priority_file, | ||
202 | (unsigned long long)sb.st_mtime); | ||
203 | @@ -2332,9 +2356,8 @@ static int _gnutls_update_system_priorities(bool defer_system_wide) | ||
204 | out: | ||
205 | (void)gnutls_rwlock_unlock(&system_wide_config_rwlock); | ||
206 | |||
207 | - if (err && fail_on_invalid_config) { | ||
208 | + if (config_parse_error && fail_on_invalid_config) | ||
209 | exit(1); | ||
210 | - } | ||
211 | |||
212 | return ret; | ||
213 | } | ||
214 | diff --git a/tests/system-override-allow-rsa-pkcs1-encrypt.sh b/tests/system-override-allow-rsa-pkcs1-encrypt.sh | ||
215 | index b7d477c96e..714d0af946 100755 | ||
216 | --- a/tests/system-override-allow-rsa-pkcs1-encrypt.sh | ||
217 | +++ b/tests/system-override-allow-rsa-pkcs1-encrypt.sh | ||
218 | @@ -19,9 +19,8 @@ | ||
219 | # You should have received a copy of the GNU Lesser General Public License | ||
220 | # along with this program. If not, see <https://www.gnu.org/licenses/> | ||
221 | |||
222 | -: ${srcdir=.} | ||
223 | -TEST=${srcdir}/rsaes-pkcs1-v1_5 | ||
224 | -CONF=${srcdir}/config.$$.tmp | ||
225 | +TEST=${builddir}/rsaes-pkcs1-v1_5 | ||
226 | +CONF=config.$$.tmp | ||
227 | export GNUTLS_SYSTEM_PRIORITY_FILE=${CONF} | ||
228 | export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 | ||
229 | |||
230 | @@ -38,15 +37,33 @@ cat <<_EOF_ > ${CONF} | ||
231 | allow-rsa-pkcs1-encrypt = true | ||
232 | _EOF_ | ||
233 | |||
234 | -${TEST} && fail "RSAES-PKCS1-v1_5 expected to succeed" | ||
235 | +${TEST} | ||
236 | +if [ $? != 0 ]; then | ||
237 | + echo "${TEST} expected to succeed" | ||
238 | + exit 1 | ||
239 | +fi | ||
240 | +echo "RSAES-PKCS1-v1_5 successfully enabled" | ||
241 | |||
242 | cat <<_EOF_ > ${CONF} | ||
243 | [overrides] | ||
244 | allow-rsa-pkcs1-encrypt = false | ||
245 | _EOF_ | ||
246 | |||
247 | -${TEST} || fail "RSAES-PKCS1-v1_5 expected to fail" | ||
248 | +${TEST} | ||
249 | +if [ $? = 0 ]; then | ||
250 | + echo "${TEST} expected to fail" | ||
251 | + exit 1 | ||
252 | +fi | ||
253 | +echo "RSAES-PKCS1-v1_5 successfully disabled" | ||
254 | |||
255 | unset GNUTLS_SYSTEM_PRIORITY_FILE | ||
256 | unset GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID | ||
257 | + | ||
258 | +${TEST} | ||
259 | +if [ $? != 0 ]; then | ||
260 | + echo "${TEST} expected to succeed by default" | ||
261 | + exit 1 | ||
262 | +fi | ||
263 | +echo "RSAES-PKCS1-v1_5 successfully enabled by default" | ||
264 | + | ||
265 | exit 0 | ||
266 | -- | ||
267 | GitLab | ||
268 | |||
269 | |||
diff --git a/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch b/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch new file mode 100644 index 0000000000..8edd31d6b9 --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch | |||
@@ -0,0 +1,57 @@ | |||
1 | From bfa70adcbda4e505cf2e597907852e78e0439ee2 Mon Sep 17 00:00:00 2001 | ||
2 | From: Ravineet Singh <ravineet.a.singh@est.tech> | ||
3 | Date: Tue, 10 Jan 2023 16:11:10 +0100 | ||
4 | Subject: [PATCH] gnutls: add ptest support | ||
5 | |||
6 | Upstream-Status: Inappropriate [embedded specific] | ||
7 | Signed-off-by: Ravineet Singh <ravineet.a.singh@est.tech> | ||
8 | --- | ||
9 | Makefile.am | 3 +++ | ||
10 | configure.ac | 2 ++ | ||
11 | tests/Makefile.am | 6 ++++++ | ||
12 | 3 files changed, 11 insertions(+) | ||
13 | |||
14 | diff --git a/Makefile.am b/Makefile.am | ||
15 | index 843193f..816b09f 100644 | ||
16 | --- a/Makefile.am | ||
17 | +++ b/Makefile.am | ||
18 | @@ -191,6 +191,9 @@ dist-hook: | ||
19 | mv ChangeLog $(distdir) | ||
20 | touch -c $(distdir)/doc/*.html $(distdir)/doc/*.pdf $(distdir)/doc/*.info | ||
21 | |||
22 | +install-ptest: | ||
23 | + $(MAKE) -C tests DESTDIR=$(DESTDIR)/tests $@ | ||
24 | + | ||
25 | .PHONY: abi-check abi-dump-versioned abi-dump-latest pic-check symbol-check local-code-coverage-output files-update AUTHORS | ||
26 | |||
27 | include $(top_srcdir)/cligen/cligen.mk | ||
28 | diff --git a/configure.ac b/configure.ac | ||
29 | index 934377e..4406eae 100644 | ||
30 | --- a/configure.ac | ||
31 | +++ b/configure.ac | ||
32 | @@ -1213,6 +1213,8 @@ AC_SUBST(LIBGNUTLS_CFLAGS) | ||
33 | |||
34 | AM_CONDITIONAL(NEEDS_LIBRT, test "$gnutls_needs_librt" = "yes") | ||
35 | |||
36 | +AM_EXTRA_RECURSIVE_TARGETS([buildtest-TESTS]) | ||
37 | + | ||
38 | AC_DEFINE([GNUTLS_INTERNAL_BUILD], 1, [We allow temporarily usage of deprecated functions - until they are removed.]) | ||
39 | |||
40 | hw_features= | ||
41 | diff --git a/tests/Makefile.am b/tests/Makefile.am | ||
42 | index e39a3b3..861dd63 100644 | ||
43 | --- a/tests/Makefile.am | ||
44 | +++ b/tests/Makefile.am | ||
45 | @@ -663,6 +663,12 @@ SH_LOG_COMPILER = $(SHELL) | ||
46 | AM_VALGRINDFLAGS = --suppressions=$(srcdir)/suppressions.valgrind | ||
47 | LOG_COMPILER = $(LOG_VALGRIND) | ||
48 | |||
49 | +install-ptest: $(check_PROGRAMS) | ||
50 | + @$(INSTALL) -d $(DESTDIR) | ||
51 | + @for file in $^; do \ | ||
52 | + $(INSTALL_PROGRAM) $$file $(DESTDIR) ; \ | ||
53 | + done | ||
54 | + | ||
55 | distclean-local: | ||
56 | rm -rf softhsm-*.db softhsm-*.config *.tmp tmp-* x509-crt-list-import-url.config.db port.lock.d | ||
57 | |||
diff --git a/meta/recipes-support/gnutls/gnutls/arm_eabi.patch b/meta/recipes-support/gnutls/gnutls/arm_eabi.patch index 6eb1edbdb1..883d0123db 100644 --- a/meta/recipes-support/gnutls/gnutls/arm_eabi.patch +++ b/meta/recipes-support/gnutls/gnutls/arm_eabi.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From 8a5c96057cf305bbeac0d6e0e59ee24fbb9497fe Mon Sep 17 00:00:00 2001 | 1 | From d17ae0ef31c3c186766a338e8c40c87d1b98820e Mon Sep 17 00:00:00 2001 |
2 | From: Joe Slater <jslater@windriver.com> | 2 | From: Joe Slater <jslater@windriver.com> |
3 | Date: Wed, 25 Jan 2017 13:52:59 -0800 | 3 | Date: Wed, 25 Jan 2017 13:52:59 -0800 |
4 | Subject: [PATCH] gnutls: account for ARM_EABI | 4 | Subject: [PATCH] gnutls: account for ARM_EABI |
@@ -9,16 +9,15 @@ reference to them. | |||
9 | Upstream-Status: Pending | 9 | Upstream-Status: Pending |
10 | 10 | ||
11 | Signed-off-by: Joe Slater <jslater@windriver.com> | 11 | Signed-off-by: Joe Slater <jslater@windriver.com> |
12 | |||
13 | --- | 12 | --- |
14 | tests/seccomp.c | 2 ++ | 13 | tests/seccomp.c | 2 ++ |
15 | 1 file changed, 2 insertions(+) | 14 | 1 file changed, 2 insertions(+) |
16 | 15 | ||
17 | diff --git a/tests/seccomp.c b/tests/seccomp.c | 16 | diff --git a/tests/seccomp.c b/tests/seccomp.c |
18 | index ed14d00..3c5b726 100644 | 17 | index 881f0bb..5f9204a 100644 |
19 | --- a/tests/seccomp.c | 18 | --- a/tests/seccomp.c |
20 | +++ b/tests/seccomp.c | 19 | +++ b/tests/seccomp.c |
21 | @@ -53,7 +53,9 @@ int disable_system_calls(void) | 20 | @@ -55,7 +55,9 @@ int disable_system_calls(void) |
22 | 21 | ||
23 | ADD_SYSCALL(nanosleep, 0); | 22 | ADD_SYSCALL(nanosleep, 0); |
24 | ADD_SYSCALL(clock_nanosleep, 0); | 23 | ADD_SYSCALL(clock_nanosleep, 0); |
diff --git a/meta/recipes-support/gnutls/gnutls/run-ptest b/meta/recipes-support/gnutls/gnutls/run-ptest new file mode 100644 index 0000000000..17e26eae70 --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/run-ptest | |||
@@ -0,0 +1,100 @@ | |||
1 | #!/bin/sh | ||
2 | |||
3 | rjob() { | ||
4 | local job=$1 | ||
5 | local log=$2 | ||
6 | |||
7 | # TODO: Output will be garbled | ||
8 | ./${job} >> ${log} 2>&1 | ||
9 | |||
10 | ret=$? | ||
11 | case $ret in | ||
12 | 0) | ||
13 | echo "PASS: $t" >> ${log} | ||
14 | echo "PASS: $t" | ||
15 | ;; | ||
16 | 77) | ||
17 | echo "SKIP: $t" >> ${log} | ||
18 | echo "SKIP: $t" | ||
19 | ;; | ||
20 | *) | ||
21 | echo "FAIL: $t" >> ${log} | ||
22 | echo "FAIL: $t" | ||
23 | ;; | ||
24 | esac | ||
25 | } | ||
26 | |||
27 | is_disallowed() { | ||
28 | local key=$1 | ||
29 | $(echo ${test_disallowlist} | grep -w -q ${key}) | ||
30 | return $? | ||
31 | } | ||
32 | |||
33 | # TODO | ||
34 | # This list should probably be in a external file | ||
35 | # Testcases defined here either take very long time (dtls-stress) | ||
36 | # or are dependent on local files (certs, etc) in local file system | ||
37 | # currently not exported to target. | ||
38 | |||
39 | test_disallowlist="" | ||
40 | test_disallowlist="${test_disallowlist} dtls-stress" | ||
41 | test_disallowlist="${test_disallowlist} handshake-large-cert" | ||
42 | test_disallowlist="${test_disallowlist} id-on-xmppAddr" | ||
43 | test_disallowlist="${test_disallowlist} mini-x509-cas" | ||
44 | test_disallowlist="${test_disallowlist} pkcs12_simple" | ||
45 | test_disallowlist="${test_disallowlist} protocol-set-allowlist" | ||
46 | test_disallowlist="${test_disallowlist} psk-file" | ||
47 | test_disallowlist="${test_disallowlist} rawpk-api" | ||
48 | test_disallowlist="${test_disallowlist} set_pkcs12_cred" | ||
49 | test_disallowlist="${test_disallowlist} system-override-curves-allowlist" | ||
50 | test_disallowlist="${test_disallowlist} system-override-hash" | ||
51 | test_disallowlist="${test_disallowlist} system-override-sig" | ||
52 | test_disallowlist="${test_disallowlist} system-override-sig-tls" | ||
53 | test_disallowlist="${test_disallowlist} system-prio-file" | ||
54 | test_disallowlist="${test_disallowlist} x509cert-tl" | ||
55 | |||
56 | LOG=${PWD}/tests.log | ||
57 | cd tests | ||
58 | max_njobs=$(grep -c ^processor /proc/cpuinfo) | ||
59 | njobs=0 | ||
60 | |||
61 | set +e | ||
62 | |||
63 | for t in *; do | ||
64 | [ -x $t ] || continue | ||
65 | [ -f $t ] || continue | ||
66 | |||
67 | is_disallowed ${t} | ||
68 | [ $? -eq 0 ] && continue | ||
69 | |||
70 | rjob ${t} ${LOG} & | ||
71 | one=1 | ||
72 | njobs=$(expr ${njobs} + ${one}) | ||
73 | if [ ${njobs} -eq ${max_njobs} ]; then | ||
74 | wait | ||
75 | njobs=0 | ||
76 | fi | ||
77 | done | ||
78 | wait | ||
79 | |||
80 | skipped=$(grep -c SKIP ${LOG}) | ||
81 | passed=$(grep -c PASS ${LOG}) | ||
82 | failed=$(grep -c FAIL ${LOG}) | ||
83 | total=$(expr ${passed} + ${failed} + ${skipped}) | ||
84 | |||
85 | if [ ${failed} -ne 0 ]; then | ||
86 | echo | ||
87 | echo "Tests failed for gnutls, log is:" | ||
88 | echo "--------------------" | ||
89 | cat ${LOG} | ||
90 | echo | ||
91 | fi | ||
92 | |||
93 | echo | ||
94 | echo "gnutls test summary:" | ||
95 | echo "--------------------" | ||
96 | echo "total: ${total}" | ||
97 | echo "pass : ${passed}" | ||
98 | echo "fail : ${failed}" | ||
99 | echo "skip : ${skipped}" | ||
100 | echo | ||
diff --git a/meta/recipes-support/gnutls/gnutls_3.7.0.bb b/meta/recipes-support/gnutls/gnutls_3.7.0.bb deleted file mode 100644 index e3ca86b933..0000000000 --- a/meta/recipes-support/gnutls/gnutls_3.7.0.bb +++ /dev/null | |||
@@ -1,67 +0,0 @@ | |||
1 | SUMMARY = "GNU Transport Layer Security Library" | ||
2 | HOMEPAGE = "http://www.gnu.org/software/gnutls/" | ||
3 | BUGTRACKER = "https://savannah.gnu.org/support/?group=gnutls" | ||
4 | |||
5 | LICENSE = "GPLv3+ & LGPLv2.1+" | ||
6 | LICENSE_${PN} = "LGPLv2.1+" | ||
7 | LICENSE_${PN}-xx = "LGPLv2.1+" | ||
8 | LICENSE_${PN}-bin = "GPLv3+" | ||
9 | LICENSE_${PN}-openssl = "GPLv3+" | ||
10 | |||
11 | LIC_FILES_CHKSUM = "file://LICENSE;md5=71391c8e0c1cfe68077e7fce3b586283 \ | ||
12 | file://doc/COPYING;md5=c678957b0c8e964aa6c70fd77641a71e \ | ||
13 | file://doc/COPYING.LESSER;md5=a6f89e2100d9b6cdffcea4f398e37343" | ||
14 | |||
15 | DEPENDS = "nettle gmp virtual/libiconv libunistring" | ||
16 | DEPENDS_append_libc-musl = " argp-standalone" | ||
17 | |||
18 | SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}" | ||
19 | |||
20 | SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz \ | ||
21 | file://arm_eabi.patch \ | ||
22 | " | ||
23 | |||
24 | SRC_URI[sha256sum] = "49e2a22691d252c9f24a9829b293a8f359095bc5a818351f05f1c0a5188a1df8" | ||
25 | |||
26 | inherit autotools texinfo pkgconfig gettext lib_package gtk-doc | ||
27 | |||
28 | PACKAGECONFIG ??= "libidn" | ||
29 | |||
30 | # You must also have CONFIG_SECCOMP enabled in the kernel for | ||
31 | # seccomp to work. | ||
32 | PACKAGECONFIG[seccomp] = "ac_cv_libseccomp=yes,ac_cv_libseccomp=no,libseccomp" | ||
33 | PACKAGECONFIG[libidn] = "--with-idn,--without-idn,libidn2" | ||
34 | PACKAGECONFIG[libtasn1] = "--with-included-libtasn1=no,--with-included-libtasn1,libtasn1" | ||
35 | PACKAGECONFIG[p11-kit] = "--with-p11-kit,--without-p11-kit,p11-kit" | ||
36 | PACKAGECONFIG[tpm] = "--with-tpm,--without-tpm,trousers" | ||
37 | |||
38 | EXTRA_OECONF = " \ | ||
39 | --enable-doc \ | ||
40 | --disable-libdane \ | ||
41 | --disable-guile \ | ||
42 | --disable-rpath \ | ||
43 | --enable-local-libopts \ | ||
44 | --enable-openssl-compatibility \ | ||
45 | --with-libpthread-prefix=${STAGING_DIR_HOST}${prefix} \ | ||
46 | --with-librt-prefix=${STAGING_DIR_HOST}${prefix} \ | ||
47 | --with-default-trust-store-file=${sysconfdir}/ssl/certs/ca-certificates.crt \ | ||
48 | " | ||
49 | |||
50 | # Otherwise the tools try and use HOSTTOOLS_DIR/bash as a shell. | ||
51 | export POSIX_SHELL="${base_bindir}/sh" | ||
52 | |||
53 | LDFLAGS_append_libc-musl = " -largp" | ||
54 | |||
55 | do_configure_prepend() { | ||
56 | for dir in . lib; do | ||
57 | rm -f ${dir}/aclocal.m4 ${dir}/m4/libtool.m4 ${dir}/m4/lt*.m4 | ||
58 | done | ||
59 | } | ||
60 | |||
61 | PACKAGES =+ "${PN}-openssl ${PN}-xx" | ||
62 | |||
63 | FILES_${PN}-dev += "${bindir}/gnutls-cli-debug" | ||
64 | FILES_${PN}-openssl = "${libdir}/libgnutls-openssl.so.*" | ||
65 | FILES_${PN}-xx = "${libdir}/libgnutlsxx.so.*" | ||
66 | |||
67 | BBCLASSEXTEND = "native nativesdk" | ||
diff --git a/meta/recipes-support/gnutls/gnutls_3.8.5.bb b/meta/recipes-support/gnutls/gnutls_3.8.5.bb new file mode 100644 index 0000000000..52a1c00c4a --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls_3.8.5.bb | |||
@@ -0,0 +1,101 @@ | |||
1 | SUMMARY = "GNU Transport Layer Security Library" | ||
2 | DESCRIPTION = "a secure communications library implementing the SSL, \ | ||
3 | TLS and DTLS protocols and technologies around them." | ||
4 | HOMEPAGE = "https://gnutls.org/" | ||
5 | BUGTRACKER = "https://savannah.gnu.org/support/?group=gnutls" | ||
6 | |||
7 | LICENSE = "GPL-3.0-or-later & LGPL-2.1-or-later" | ||
8 | LICENSE:${PN} = "LGPL-2.1-or-later" | ||
9 | LICENSE:${PN}-xx = "LGPL-2.1-or-later" | ||
10 | LICENSE:${PN}-bin = "GPL-3.0-or-later" | ||
11 | LICENSE:${PN}-openssl = "GPL-3.0-or-later" | ||
12 | |||
13 | LIC_FILES_CHKSUM = "file://LICENSE;md5=71391c8e0c1cfe68077e7fce3b586283 \ | ||
14 | file://doc/COPYING;md5=1ebbd3e34237af26da5dc08a4e440464 \ | ||
15 | file://doc/COPYING.LESSER;md5=4fbd65380cdd255951079008b364516c" | ||
16 | |||
17 | DEPENDS = "nettle gmp virtual/libiconv libunistring" | ||
18 | |||
19 | SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}" | ||
20 | |||
21 | SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz \ | ||
22 | file://arm_eabi.patch \ | ||
23 | file://0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch \ | ||
24 | file://0001-Fix-RSAES-PKCS1-v1_5-system-wide-configuration.patch \ | ||
25 | file://run-ptest \ | ||
26 | file://Add-ptest-support.patch \ | ||
27 | " | ||
28 | |||
29 | SRC_URI[sha256sum] = "66269a2cfe0e1c2dabec87bdbbd8ab656f396edd9a40dd006978e003cfa52bfc" | ||
30 | |||
31 | inherit autotools texinfo pkgconfig gettext lib_package gtk-doc ptest | ||
32 | |||
33 | PACKAGECONFIG ??= "libidn libtasn1 ${@bb.utils.filter('DISTRO_FEATURES', 'seccomp', d)}" | ||
34 | |||
35 | # You must also have CONFIG_SECCOMP enabled in the kernel for | ||
36 | # seccomp to work. | ||
37 | PACKAGECONFIG[seccomp] = "--with-libseccomp-prefix=${STAGING_EXECPREFIXDIR},ac_cv_libseccomp=no,libseccomp" | ||
38 | PACKAGECONFIG[libidn] = "--with-idn,--without-idn,libidn2" | ||
39 | PACKAGECONFIG[libtasn1] = "--without-included-libtasn1,--with-included-libtasn1,libtasn1" | ||
40 | PACKAGECONFIG[p11-kit] = "--with-p11-kit,--without-p11-kit,p11-kit" | ||
41 | PACKAGECONFIG[tpm] = "--with-tpm,--without-tpm,trousers" | ||
42 | PACKAGECONFIG[fips] = "--enable-fips140-mode --with-libdl-prefix=${STAGING_BASELIBDIR}" | ||
43 | PACKAGECONFIG[dane] = "--enable-libdane,--disable-libdane,unbound" | ||
44 | # Certificate compression | ||
45 | PACKAGECONFIG[brotli] = "--with-brotli,--without-brotli,brotli" | ||
46 | PACKAGECONFIG[zlib] = "--with-zlib,--without-zlib,zlib" | ||
47 | PACKAGECONFIG[zstd] = "--with-zstd,--without-zstd,zstd" | ||
48 | |||
49 | EXTRA_OECONF = " \ | ||
50 | --enable-doc \ | ||
51 | --disable-rpath \ | ||
52 | --enable-openssl-compatibility \ | ||
53 | --with-libpthread-prefix=${STAGING_DIR_HOST}${prefix} \ | ||
54 | --with-librt-prefix=${STAGING_DIR_HOST}${prefix} \ | ||
55 | --with-default-trust-store-file=${sysconfdir}/ssl/certs/ca-certificates.crt \ | ||
56 | " | ||
57 | |||
58 | # Otherwise the tools try and use HOSTTOOLS_DIR/bash as a shell. | ||
59 | export POSIX_SHELL="${base_bindir}/sh" | ||
60 | |||
61 | do_configure:prepend() { | ||
62 | for dir in . lib; do | ||
63 | rm -f ${dir}/aclocal.m4 ${dir}/m4/libtool.m4 ${dir}/m4/lt*.m4 | ||
64 | done | ||
65 | } | ||
66 | |||
67 | do_compile_ptest() { | ||
68 | oe_runmake -C tests buildtest-TESTS | ||
69 | } | ||
70 | |||
71 | do_install:append:class-target() { | ||
72 | if ${@bb.utils.contains('PACKAGECONFIG', 'fips', 'true', 'false', d)}; then | ||
73 | install -d ${D}${bindir}/bin | ||
74 | install -m 0755 ${B}/lib/.libs/fipshmac ${D}/${bindir}/ | ||
75 | fi | ||
76 | } | ||
77 | |||
78 | PACKAGES =+ "${PN}-dane ${PN}-openssl ${PN}-xx ${PN}-fips" | ||
79 | |||
80 | FILES:${PN}-dev += "${bindir}/gnutls-cli-debug" | ||
81 | |||
82 | FILES:${PN}-dane = "${libdir}/libgnutls-dane.so.*" | ||
83 | FILES:${PN}-openssl = "${libdir}/libgnutls-openssl.so.*" | ||
84 | FILES:${PN}-xx = "${libdir}/libgnutlsxx.so.*" | ||
85 | FILES:${PN}-fips = "${bindir}/fipshmac" | ||
86 | |||
87 | RDEPENDS:${PN}-ptest += "python3" | ||
88 | |||
89 | BBCLASSEXTEND = "native nativesdk" | ||
90 | |||
91 | pkg_postinst_ontarget:${PN}-fips () { | ||
92 | if test -x ${bindir}/fipshmac | ||
93 | then | ||
94 | mkdir ${sysconfdir}/gnutls | ||
95 | touch ${sysconfdir}/gnutls/config | ||
96 | ${bindir}/fipshmac ${libdir}/libgnutls.so.30.*.* > ${libdir}/.libgnutls.so.30.hmac | ||
97 | ${bindir}/fipshmac ${libdir}/libnettle.so.8.* > ${libdir}/.libnettle.so.8.hmac | ||
98 | ${bindir}/fipshmac ${libdir}/libgmp.so.10.*.* > ${libdir}/.libgmp.so.10.hmac | ||
99 | ${bindir}/fipshmac ${libdir}/libhogweed.so.6.* > ${libdir}/.libhogweed.so.6.hmac | ||
100 | fi | ||
101 | } | ||
diff --git a/meta/recipes-support/gnutls/libtasn1/dont-depend-on-help2man.patch b/meta/recipes-support/gnutls/libtasn1/dont-depend-on-help2man.patch index 2ac89f3b32..216d636793 100644 --- a/meta/recipes-support/gnutls/libtasn1/dont-depend-on-help2man.patch +++ b/meta/recipes-support/gnutls/libtasn1/dont-depend-on-help2man.patch | |||
@@ -1,14 +1,26 @@ | |||
1 | From 629fc6427710e48b78f8b1f300dd698fe898cfd4 Mon Sep 17 00:00:00 2001 | ||
2 | From: Marko Lindqvist <cazfi74@gmail.com> | ||
3 | Date: Mon, 7 Jan 2013 01:49:40 +0200 | ||
4 | Subject: [PATCH] libtasn1: remove help2man dependency | ||
5 | |||
1 | Upstream-Status: Inappropriate | 6 | Upstream-Status: Inappropriate |
2 | 7 | ||
3 | Signed-off-by: Marko Lindqvist <cazfi74@gmail.com> | 8 | Signed-off-by: Marko Lindqvist <cazfi74@gmail.com> |
4 | diff -Nurd libtasn1-2.14/doc/Makefile.am libtasn1-2.14/doc/Makefile.am | ||
5 | --- libtasn1-2.14/doc/Makefile.am 2012-09-24 15:08:42.000000000 +0300 | ||
6 | +++ libtasn1-2.14/doc/Makefile.am 2013-01-03 07:35:26.702763403 +0200 | ||
7 | @@ -31,7 +31,7 @@ | ||
8 | AM_MAKEINFOHTMLFLAGS = $(AM_MAKEINFOFLAGS) \ | ||
9 | --no-split --number-sections --css-include=texinfo.css | ||
10 | 9 | ||
10 | --- | ||
11 | doc/Makefile.am | 2 +- | ||
12 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
13 | |||
14 | diff --git a/doc/Makefile.am b/doc/Makefile.am | ||
15 | index a0171a5..8aa4d3d 100644 | ||
16 | --- a/doc/Makefile.am | ||
17 | +++ b/doc/Makefile.am | ||
18 | @@ -28,7 +28,7 @@ libtasn1_TEXINFOS += asn1Coding-help.texi asn1Decoding-help.texi asn1Parser-help | ||
19 | |||
20 | AM_MAKEINFOHTMLFLAGS = --no-split $(AM_MAKEINFOFLAGS) | ||
21 | |||
11 | -dist_man_MANS = $(gdoc_MANS) asn1Parser.1 asn1Coding.1 asn1Decoding.1 | 22 | -dist_man_MANS = $(gdoc_MANS) asn1Parser.1 asn1Coding.1 asn1Decoding.1 |
12 | +dist_man_MANS = $(gdoc_MANS) | 23 | +dist_man_MANS = $(gdoc_MANS) |
13 | 24 | ||
14 | HELP2MAN_OPTS = --info-page libtasn1 | 25 | HELP2MAN_OPTS = --info-page libtasn1 |
26 | |||
diff --git a/meta/recipes-support/gnutls/libtasn1_4.16.0.bb b/meta/recipes-support/gnutls/libtasn1_4.19.0.bb index 18dae6d0c9..5fb8b54c06 100644 --- a/meta/recipes-support/gnutls/libtasn1_4.16.0.bb +++ b/meta/recipes-support/gnutls/libtasn1_4.19.0.bb | |||
@@ -1,12 +1,14 @@ | |||
1 | SUMMARY = "Library for ASN.1 and DER manipulation" | 1 | SUMMARY = "Library for ASN.1 and DER manipulation" |
2 | DESCRIPTION = "A highly portable C library that encodes and decodes \ | ||
3 | DER/BER data following an ASN.1 schema. " | ||
2 | HOMEPAGE = "http://www.gnu.org/software/libtasn1/" | 4 | HOMEPAGE = "http://www.gnu.org/software/libtasn1/" |
3 | 5 | ||
4 | LICENSE = "GPLv3+ & LGPLv2.1+" | 6 | LICENSE = "GPL-3.0-or-later & LGPL-2.1-or-later" |
5 | LICENSE_${PN}-bin = "GPLv3+" | 7 | LICENSE:${PN}-bin = "GPL-3.0-or-later" |
6 | LICENSE_${PN} = "LGPLv2.1+" | 8 | LICENSE:${PN} = "LGPL-2.1-or-later" |
7 | LIC_FILES_CHKSUM = "file://doc/COPYING;md5=d32239bcb673463ab874e80d47fae504 \ | 9 | LIC_FILES_CHKSUM = "file://doc/COPYING;md5=d32239bcb673463ab874e80d47fae504 \ |
8 | file://doc/COPYING.LESSER;md5=4fbd65380cdd255951079008b364516c \ | 10 | file://doc/COPYING.LESSER;md5=4fbd65380cdd255951079008b364516c \ |
9 | file://LICENSE;md5=75ac100ec923f959898182307970c360" | 11 | file://COPYING;md5=75ac100ec923f959898182307970c360" |
10 | 12 | ||
11 | SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \ | 13 | SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \ |
12 | file://dont-depend-on-help2man.patch \ | 14 | file://dont-depend-on-help2man.patch \ |
@@ -14,8 +16,7 @@ SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \ | |||
14 | 16 | ||
15 | DEPENDS = "bison-native" | 17 | DEPENDS = "bison-native" |
16 | 18 | ||
17 | SRC_URI[md5sum] = "531208de3729d42e2af0a32890f08736" | 19 | SRC_URI[sha256sum] = "1613f0ac1cf484d6ec0ce3b8c06d56263cc7242f1c23b30d82d23de345a63f7a" |
18 | SRC_URI[sha256sum] = "0e0fb0903839117cb6e3b56e68222771bebf22ad7fc2295a0ed7d576e8d4329d" | ||
19 | 20 | ||
20 | inherit autotools texinfo lib_package gtk-doc | 21 | inherit autotools texinfo lib_package gtk-doc |
21 | 22 | ||