| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
(From OE-Core rev: 2c037f830856018b212d532198ae17932b3521d1)
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 5cc0f0dcf1f41bc148b034b3f7abef756a328cd3)
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 8652c95ceb505dd7386166842486c833ea5a7ee7)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 320b62f12334684f1261b06e3e7bc8106e3b9490)
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Remove backported patches and explicitly pass -std=gnu99 to native CFLAGS
to make sure build passes on older and still supported OSes like CentOS 7.
(From OE-Core rev: cc84d4dcc775c371389e1d351256946cbd003545)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Drop patch from 81485be19b18 ("gnutls: don't use HOSTTOOLS_DIR/bash as a
shell on target") as upstream now honours POSIX_SHELL when set as the
primary target shell.
(From OE-Core rev: bc487ced3be40569157fb40c99bfa68871f74744)
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 698efe108de724d9129ca938151ab7c7d3cb34cc)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
This is required before enabling p11-kit support by default in gnutls.
(From OE-Core rev: 2a35202dbffd31eac1c00c03497549805853ad6c)
Signed-off-by: Philippe Normand <philn@igalia.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* For changes in this version, see:
https://gitlab.com/gnutls/libtasn1/-/releases
* Remove the musl patch as it's no longer needed.
* Backport a patch to ensure LDFLAGS are not over-ridden.
License-Update: License clarification, no change in actual terms.
(From OE-Core rev: 243293436d9286f6d9a0f135d569b7b00ccc1078)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
The libopts configure script looks for a shell on the build host and assumes
it's good for the target. However in our builds it find $HOSTTOOLS_DIR/bash
which isn't useful, so patch out the detection and force $base_bindir/sh.
(From OE-Core rev: 9aaa1e3bdfd767fe8e19c00c611b34920644df27)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
-Upgrade from gnutls_3.6.7.bb to gnutls_3.6.8.bb.
(From OE-Core rev: b34486a616ab4d4b30247a5dff58a18ef26ed709)
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 666f6192aaa9e847ad0d920a487b82d984b58d26)
Signed-off-by: Philippe Normand <philn@igalia.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Since version 2.58 the glib-networking TLS database relies on GnuTLS's system
trust store, so not enabling it leads to TLS errors in applications depending on
glib-networking. The raised runtime warning is:
process:500): GLib-Net-WARNING **: 09:14:09.321: Failed to load TLS database: Failed to load system trust store: GnuTLS was not configured with a system trust
(app:490): ... TLS Error: TLS certificate has unknown CA.
(From OE-Core rev: 1d147be584d2f016853edbe9751247d7daa0b5d0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a new upstream release from the same stable branch
bringing new features and bugfixes (including CVE fixes).
COPYING changed http -> https.
configure no longer has a --without-libunistring-prefix option.
(From OE-Core rev: 64d1a8be539c003d920b33fd1ae1846da5bd99f9)
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Bug fix only release
Full details:
https://lists.gnupg.org/pipermail/gnutls-help/2018-December/004465.html
(From OE-Core rev: 6186f98ad489a0508c43ea35bd1514c65f33ccf5)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
This recipe doesn't ship a *-config binary, so don't inherit binconfig.
(From OE-Core rev: acfcebec2d0849cc52abed31663da888e2a230f9)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
This recipe doesn't ship a *-config binary, so don't inherit binconfig.
(From OE-Core rev: 8b7d74aa7bb73daf84593fafde3eef4595918b63)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Notable change:
libgnutls: Added the final (RFC8446) version numbering of the TLS1.3 protocol.
see: https://lists.gnupg.org/pipermail/gnutls-help/2018-September/004457.html
(From OE-Core rev: 0697141e7be0b755db600aa0d5a975eac62cc7b8)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
--
[v2]
Fix typo in version in subject
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By including PACKAGECONFIG options, the recipe takes responsibility
for defining the default state of these options. Although the recipe
currently aligns with the gnutls defaults (ie both disabled) tracking
new gnutls releases will be a maintenance effort. Unless there's a
clear reason to do otherwise, it seems safer to leave the choice of
which SSL/TLS versions to enable by default up to the gnutls
developers.
(From OE-Core rev: 4c1d03eb226aa838622852b70a87260ab1ac9d91)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
>From gnutls 3.5.8 onwards, the code in configure.ac has been passing
"basename $i" to sed, rather than "echo $i". Since the full ${srcdir}
path is not being processed, there's no risk of unexpected matches.
https://gitlab.com/armcc/gnutls/commit/478179316bc815e1ad518ae318f46e94a13b0e1f
(From OE-Core rev: bce938174d1207685c67c40e341a36ab1158e6eb)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 0119335af368dffa42d9cda673e7aaafbc6f657f)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
[v2]
Fix new config options form with to disable.
[v1]
release notes: https://lists.gnupg.org/pipermail/gnutls-devel/2018-July/008584.html
add ssl3 and tls1.3 config options now supported.
(From OE-Core rev: d39bf67b8c6d80562d35fc8d8f72d26f77cc451e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This causes regression on build machines where libunistring is installed
on host. It is also because gnuts is using non standard AC macro called
AC_LIB_HAVE_LINKFLAGS to detect this library and it confusing cross builds.
This reverts commit 60fef4940de7f0440f1216eb2ea0ea683b3e8fdd.
(From OE-Core rev: d8d32b5a58eea161711e3539c4530682de551ede)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
gnutls only works with libidn2, so update the build dependency.
(From OE-Core rev: d2397d1fbe97eb92ff9aeb03155f98e24e95c97d)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
No need to pass --without-libunistring-prefix, and it looks a lot like we're
trying to disable it.
(From OE-Core rev: 60fef4940de7f0440f1216eb2ea0ea683b3e8fdd)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
HTTP is in general more reliable so use that in the SRC_URI.
(From OE-Core rev: 4f3378e0763a94a5daac7169f498177fc6ef4e75)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 47249a21354f1cf44eb8e46db6e613cf4718bfab)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.
Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450). This is obviously bad.
We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.
(From OE-Core rev: ca9c8fe634ca91fe1825fae7ebb0d00021ca480b)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Remove backported patch:
CVE-2017-10790.patch
(From OE-Core rev: 2e42ce251a5a789cd2b0e9abc94de07fd0603072)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
zlib configure.ac support removed in 3.6.1
drop patch
(From OE-Core rev: 537325f204f2f7c66f13a12dc8fc08f8e16e4754)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a bug fix release on the
current stable branch. Note that, I've also switched the release
cadence to bi-monthly as less and less bug fixes/updates accumulate
each month on this branch.
** API and ABI modifications:
No changes since last version.
(From OE-Core rev: a843ab62f2252165ec3d687de92f939f766376e4)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes
a NULL pointer dereference and crash when reading crafted input that
triggers assignment of a NULL value within an asn1_node structure. It
may lead to a remote denial of service attack.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-10790
http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;
h=d8d805e1f2e6799bb2dff4871a8598dc83088a39
(From OE-Core rev: 6176151625c971de031e14c97601ffd75a29772f)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Some of these are clearly dead, e.g. one binutils patch reverts the effects
of the earlier one.
This also removes the uclibc site files. We now have mechanisms to allow these
to be extended from another layer should someone ever wish to do that.
(From OE-Core rev: e01e7c543a559c8926d72159b5cd55db0c661434)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
uclibc support was removed a while ago and musl works much better. Start to
remove the various overrides and patches related to uclibc which are no longer
needed.
uclibc support in a layer would still be possible. I have strong reasons to
believe nobody is still using uclibc since patches are missing and I doubt
the metadata even parses anymore.
(From OE-Core rev: 653704e9cf325cb494eb23facca19e9f05132ffd)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
1. Upgrade gnutls from 3.5.9 to 3.5.13
2. Rebase the following patch file.
use-pkg-config-to-locate-zlib.patch
(From OE-Core rev: ba7e5f51327d9833776aa066f30c5e46606be374)
Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Noteworthy changes:
1. Introduced the ASN1_TIME_ENCODING_ERROR error code to indicate an invalid
encoding in the DER time fields.
2. Introduced flag ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME. This flag allows
decoding errors in time fields even when in strict DER mode.
3. Added safety check in asn1_find_node(). That prevents a crash when a very
long variable name is provided by the developer.
(From OE-Core rev: 61752a41f2f0abe61e805d2ef1292cec1e202c36)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
There may be alternative gnutls recipes outside oe-core which include
gnutls.inc but which don't want BBCLASSEXTEND = "native nativesdk".
(From OE-Core rev: 1160b51fbe5661be83959c0e135e4b4231c94349)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Drop 0001-Do-not-add-cli-args.h-to-cli-args.stamp-Makefile-tar.patch, it's merged upstream.
Rebase 0001-configure.ac-fix-sed-command.patch.
(From OE-Core rev: bed7c85e9ed77ae961c4588d4f7eca6b20d2f1e8)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Removed the following Backported patches:
1. 0001-configure-don-t-add-Werror-to-build-flags.patch
2. 0002-ASN.y-corrected-compiler-warning.patch
3. 0003-parser_aux-corrected-potential-null-pointer-derefere.patch
4. 0004-tools-eliminated-compiler-warnings.patch
fixed the following build error with musl
...
| from ../../libtasn1-4.10/gl/getopt.c:28:
| ./stdint.h:89:5: error: #if with no expression
| #if
| ^
(From OE-Core rev: 70138279e4f4da74cd63402d7201c74ab2528fa8)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes a potential pollution by the build host and build error
when yacc isn't installed on the build host:
| ../../libtasn1-4.9/build-aux/ylwrap: line 175: yacc: command not found
| Makefile:1116: recipe for target 'ASN1.c' failed
| make[3]: *** [ASN1.c] Error 127
(From OE-Core rev: 1135024502bb120c331e065f4c441d6a3efb6d4f)
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Specify whether to use libseccomp or not. Do not
just let configure check for it.
(From OE-Core rev: 62cc91e8831c72e9beceff13ad68dd69298135b5)
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Do not reference unavailable system calls when
building for ARM_EABI.
(From OE-Core rev: 67f0094af624866f02e7fb0173c335a7e8942921)
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
when using clang, configure it poking at build host
if we do not use it then it falls back to sysroot
which is what we need here.
(From OE-Core rev: ee0b0da237c1661f43e27e26e0ab24b7d8ed174f)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a 0001-Do-not-add-cli-args.h-to-cli-args.stamp-Makefile-tar.patch
to fix a compile issue (incorrect creation of an empty header).
Add a libunistring dependency as gnutls has gained it.
(From OE-Core rev: b2ec343ad770c26f39f3a6d335e4bb3ccbf41aec)
(From OE-Core rev: 84c6a3bcf44950049bba255075177a0004058a44)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
getVar() now defaults to expanding by default, thus remove the True
option from getVar() calls with a regex search and replace.
Search made with the following regex: getVar ?\(( ?[^,()]*), True\)
(From OE-Core rev: 7c552996597faaee2fbee185b250c0ee30ea3b5f)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: 27f306a752d15ec62d2821d0146be4ffa10b7013)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Remove backported 0001-Use-correct-include-dir-with-minitasn.patch and
CVE-2016-7444.patch (which still applied silently and incorrectly:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450).
(From OE-Core rev: 118b7233721c374314b9ceca5a101e772a29d8c3)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Previously the OCSP certificate check wouldn't verify the serial
length and could succeed in cases it shouldn't (CVE-2016-7444).
(From OE-Core rev: d7e97992befd3fa5c1c6616652a3aa723d08c531)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Current release has relocations in .text on x86. Silence the
warning for now: Upcoming release should have a real fix.
[YOCTO #10290]
(From OE-Core rev: a55a20aea2128d777630a1c6d946f4434b18a227)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 074e923b86ed244b1b52420d0623d620bf9ccf1e)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
