Re: [yocto] [meta-gplv2][PATCH] gnutls: update 3.3.27 -> 3.3.28

2017-11-17 Thread Andre McCurdy
On Wed, Nov 8, 2017 at 7:45 PM, Andre McCurdy wrote:
> * Version 3.3.28 (released 2017-07-04)
>
> ** libgnutls: Fixed issue when rehandshaking without a client certificate in
>    a session which initially used one. Reported by Frantisek Sumsal.
>
> ** libgnutls: fix issue in RSA-PSK client callback which resulted in no username
>    being sent to the peer. Patch by Nicolas Dufresne.
>
> ** libgnutls: no longer parse the ResponseID field of the status response
>    TLS extension. The field is not used by GnuTLS nor is made available to
>    calling applications. That addresses a null pointer dereference on server
>    side caused by packets containing the ResponseID field. Reported
>    by Hubert Kario. [GNUTLS-SA-2017-4]
>
> ** libgnutls: Handle specially HSMs which request explicit authentication.
>    There are HSMs which return CKR_USER_NOT_LOGGED_IN on the first private key
>    operation. Detect that state and try to login.
>
> ** libgnutls: the GNUTLS_PKCS11_OBJ_FLAG_LOGIN will force a login on HSMs.
>    That is, even in tokens which do not have a CKF_LOGIN_REQUIRED flag
>    a login will be forced. This improves operation on certain Safenet HSMs.
>
> ** libgnutls: do not set leading zeros when copying integers on HSMs.
>    PKCS#11 defines integers as unsigned having most significant byte
>    first, e.g., 32768 = 0x80 0x00. This is interpreted literally by
>    some HSMs which do not accept an integer with a leading zero. This
>    improves operation with certain Atos HSMs.
>
> ** libgnutls: Backported PKCS#11 key generation functionality for DSA keys.
>
> ** libgnutls: Improve check for /dev/urandom uniqueness. Ensure that when
>    gnutls_global_init() is called for a second time that /dev/urandom is
>    re-opened when the inode or device ID has changed.
>
> ** API and ABI modifications:
> No changes since last version.

Ping. CCing Ross.

> Signed-off-by: Andre McCurdy 
> ---
>  recipes-support/gnutls/gnutls.inc   |  9 -
>  recipes-support/gnutls/gnutls_3.3.27.bb | 17 -
>  recipes-support/gnutls/gnutls_3.3.28.bb |  8 
>  3 files changed, 12 insertions(+), 22 deletions(-)
>  delete mode 100644 recipes-support/gnutls/gnutls_3.3.27.bb
>  create mode 100644 recipes-support/gnutls/gnutls_3.3.28.bb
>
> diff --git a/recipes-support/gnutls/gnutls.inc 
> b/recipes-support/gnutls/gnutls.inc
> index 4a5c3df..4cf375f 100644
> --- a/recipes-support/gnutls/gnutls.inc
> +++ b/recipes-support/gnutls/gnutls.inc
> @@ -8,9 +8,8 @@ LICENSE_${PN}-xx = "LGPLv2.1+"
>  LICENSE_${PN}-bin = "GPLv3+"
>  LICENSE_${PN}-openssl = "GPLv3+"
>
> -LIC_FILES_CHKSUM = "file://LICENSE;md5=71391c8e0c1cfe68077e7fce3b586283 \
> -file://doc/COPYING;md5=d32239bcb673463ab874e80d47fae504 \
> -
> file://doc/COPYING.LESSER;md5=a6f89e2100d9b6cdffcea4f398e37343"
> +LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \
> +
> file://COPYING.LESSER;md5=a6f89e2100d9b6cdffcea4f398e37343"
>
>  DEPENDS = "nettle gmp virtual/libiconv"
>  DEPENDS_append_libc-musl = " argp-standalone"
> @@ -21,9 +20,8 @@ SRC_URI = 
> "ftp://ftp.gnutls.org/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz;
>
>  inherit autotools texinfo binconfig pkgconfig gettext lib_package gtk-doc
>
> -PACKAGECONFIG ??= "libidn zlib"
> +PACKAGECONFIG ??= "zlib"
>
> -PACKAGECONFIG[libidn] = "--with-idn,--without-idn,libidn"
>  PACKAGECONFIG[libtasn1] = 
> "--with-included-libtasn1=no,--with-included-libtasn1,libtasn1"
>  PACKAGECONFIG[p11-kit] = "--with-p11-kit,--without-p11-kit,p11-kit"
>  PACKAGECONFIG[tpm] = "--with-tpm,--without-tpm,trousers"
> @@ -31,6 +29,7 @@ PACKAGECONFIG[zlib] = "--with-zlib,--without-zlib,zlib"
>
>  EXTRA_OECONF = " \
>  --enable-doc \
> +--disable-crywrap \
>  --disable-libdane \
>  --disable-guile \
>  --disable-rpath \
> diff --git a/recipes-support/gnutls/gnutls_3.3.27.bb 
> b/recipes-support/gnutls/gnutls_3.3.27.bb
> deleted file mode 100644
> index a1dcdb5..000
> --- a/recipes-support/gnutls/gnutls_3.3.27.bb
> +++ /dev/null
> @@ -1,17 +0,0 @@
> -require gnutls.inc
> -
> -LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \
> -
> file://COPYING.LESSER;md5=a6f89e2100d9b6cdffcea4f398e37343"
> -
> -SRC_URI += " \
> -file://configure.ac-fix-sed-command.patch \
> -file://use-pkg-config-to-locate-zlib.patch \
> -"
> -SRC_URI[md5sum] = "8ee8cebd7f7575b11f232766a21c31d3"
> -SRC_URI[sha256sum] = 
> "8dfda16c158ef5c134010d51d1a91d02aa5d43b8cb711b1572650a7ffb56b17f"
> -
> -# This version doesn't support this option added in newer gnutls
> -# ERROR: gnutls-3.3.27-r0 do_configure: QA Issue: gnutls: configure was 
> passed unrecognised options: --with-idn [unknown-configure-option]
> -PACKAGECONFIG[libidn] = ""
> -# but it still has the libidn dependency, without this option
> -EXTRA_OECONF += "--disable-crywrap"
> diff --git 

[yocto] [meta-gplv2][PATCH] gnutls: update 3.3.27 -> 3.3.28

2017-11-08 Thread Andre McCurdy
* Version 3.3.28 (released 2017-07-04)

** libgnutls: Fixed issue when rehandshaking without a client certificate in
   a session which initially used one. Reported by Frantisek Sumsal.

** libgnutls: fix issue in RSA-PSK client callback which resulted in no username
   being sent to the peer. Patch by Nicolas Dufresne.

** libgnutls: no longer parse the ResponseID field of the status response
   TLS extension. The field is not used by GnuTLS nor is made available to
   calling applications. That addresses a null pointer dereference on server
   side caused by packets containing the ResponseID field. Reported
   by Hubert Kario. [GNUTLS-SA-2017-4]

** libgnutls: Handle specially HSMs which request explicit authentication.
   There are HSMs which return CKR_USER_NOT_LOGGED_IN on the first private key
   operation. Detect that state and try to login.

** libgnutls: the GNUTLS_PKCS11_OBJ_FLAG_LOGIN will force a login on HSMs.
   That is, even in tokens which do not have a CKF_LOGIN_REQUIRED flag
   a login will be forced. This improves operation on certain Safenet HSMs.

** libgnutls: do not set leading zeros when copying integers on HSMs.
   PKCS#11 defines integers as unsigned having most significant byte
   first, e.g., 32768 = 0x80 0x00. This is interpreted literally by
   some HSMs which do not accept an integer with a leading zero. This
   improves operation with certain Atos HSMs.

** libgnutls: Backported PKCS#11 key generation functionality for DSA keys.

** libgnutls: Improve check for /dev/urandom uniqueness. Ensure that when
   gnutls_global_init() is called for a second time that /dev/urandom is
   re-opened when the inode or device ID has changed.

** API and ABI modifications:
No changes since last version.

Signed-off-by: Andre McCurdy 
---
 recipes-support/gnutls/gnutls.inc   |  9 -
 recipes-support/gnutls/gnutls_3.3.27.bb | 17 -
 recipes-support/gnutls/gnutls_3.3.28.bb |  8 
 3 files changed, 12 insertions(+), 22 deletions(-)
 delete mode 100644 recipes-support/gnutls/gnutls_3.3.27.bb
 create mode 100644 recipes-support/gnutls/gnutls_3.3.28.bb

diff --git a/recipes-support/gnutls/gnutls.inc 
b/recipes-support/gnutls/gnutls.inc
index 4a5c3df..4cf375f 100644
--- a/recipes-support/gnutls/gnutls.inc
+++ b/recipes-support/gnutls/gnutls.inc
@@ -8,9 +8,8 @@ LICENSE_${PN}-xx = "LGPLv2.1+"
 LICENSE_${PN}-bin = "GPLv3+"
 LICENSE_${PN}-openssl = "GPLv3+"
 
-LIC_FILES_CHKSUM = "file://LICENSE;md5=71391c8e0c1cfe68077e7fce3b586283 \
-file://doc/COPYING;md5=d32239bcb673463ab874e80d47fae504 \
-
file://doc/COPYING.LESSER;md5=a6f89e2100d9b6cdffcea4f398e37343"
+LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \
+file://COPYING.LESSER;md5=a6f89e2100d9b6cdffcea4f398e37343"
 
 DEPENDS = "nettle gmp virtual/libiconv"
 DEPENDS_append_libc-musl = " argp-standalone"
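
Review bot: The new LIC_FILES_CHKSUM drops the file://LICENSE entry and moves COPYING and COPYING.LESSER from doc/ to the top level, but the commit message only reproduces the upstream release notes and does not mention a licence-tracking change. The md5 values for COPYING and COPYING.LESSER are identical to the removed lines and to the override in the deleted gnutls_3.3.27.bb, so this looks like a consolidation with no change in licence text; please say so in the commit message, and state why LICENSE no longer needs to be checksummed.
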
@@ -21,9 +20,8 @@ SRC_URI = 
"ftp://ftp.gnutls.org/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz;
 
 inherit autotools texinfo binconfig pkgconfig gettext lib_package gtk-doc
 
-PACKAGECONFIG ??= "libidn zlib"
+PACKAGECONFIG ??= "zlib"
 
-PACKAGECONFIG[libidn] = "--with-idn,--without-idn,libidn"
 PACKAGECONFIG[libtasn1] = 
"--with-included-libtasn1=no,--with-included-libtasn1,libtasn1"
 PACKAGECONFIG[p11-kit] = "--with-p11-kit,--without-p11-kit,p11-kit"
 PACKAGECONFIG[tpm] = "--with-tpm,--without-tpm,trousers"
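
Review bot: Removing PACKAGECONFIG[libidn] together with dropping libidn from the PACKAGECONFIG ??= default is a user-visible change that the commit message does not call out. Any distro or bbappend configuration that still adds libidn to PACKAGECONFIG for gnutls will now name a flag with no definition, where the deleted recipe previously defined it as an empty no-op. Please note the removal in the commit message so downstream layers know to drop the flag.
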
@@ -31,6 +29,7 @@ PACKAGECONFIG[zlib] = "--with-zlib,--without-zlib,zlib"
 
 EXTRA_OECONF = " \
 --enable-doc \
+--disable-crywrap \
 --disable-libdane \
 --disable-guile \
 --disable-rpath \
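
Review bot: --disable-crywrap is added to EXTRA_OECONF with no comment, while the deleted gnutls_3.3.27.bb carried the reason next to the same option ("it still has the libidn dependency, without this option"). DEPENDS in this file does not list libidn, so the option is what keeps the build independent of it; a one-line comment above --disable-crywrap preserving that rationale would stop a later cleanup from removing it.
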
diff --git a/recipes-support/gnutls/gnutls_3.3.27.bb 
b/recipes-support/gnutls/gnutls_3.3.27.bb
deleted file mode 100644
index a1dcdb5..000
--- a/recipes-support/gnutls/gnutls_3.3.27.bb
+++ /dev/null
@@ -1,17 +0,0 @@
-require gnutls.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \
-file://COPYING.LESSER;md5=a6f89e2100d9b6cdffcea4f398e37343"
-
-SRC_URI += " \
-file://configure.ac-fix-sed-command.patch \
-file://use-pkg-config-to-locate-zlib.patch \
-"
-SRC_URI[md5sum] = "8ee8cebd7f7575b11f232766a21c31d3"
-SRC_URI[sha256sum] = 
"8dfda16c158ef5c134010d51d1a91d02aa5d43b8cb711b1572650a7ffb56b17f"
-
-# This version doesn't support this option added in newer gnutls
-# ERROR: gnutls-3.3.27-r0 do_configure: QA Issue: gnutls: configure was passed 
unrecognised options: --with-idn [unknown-configure-option]
-PACKAGECONFIG[libidn] = ""
-# but it still has the libidn dependency, without this option
-EXTRA_OECONF += "--disable-crywrap"
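
Review bot: The overrides deleted here (PACKAGECONFIG[libidn] = "" and EXTRA_OECONF += "--disable-crywrap") existed because gnutls.inc carried settings for a newer gnutls, as the removed comment about --with-idn says. Folding them into gnutls.inc is only safe if gnutls_3.3.28.bb is the sole recipe that requires that file. The diffstat touches no other recipe, so please confirm that in the commit message.
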
diff --git a/recipes-support/gnutls/gnutls_3.3.28.bb 
b/recipes-support/gnutls/gnutls_3.3.28.bb
new file mode 100644
index 000..1b23369
--- /dev/null
+++ b/recipes-support/gnutls/gnutls_3.3.28.bb
@@ -0,0 +1,8 @@
+require gnutls.inc
+
+SRC_URI += " \
+file://configure.ac-fix-sed-command.patch \
+
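
Review bot: The archived copy of this hunk stops after the first SRC_URI patch entry, so the SRC_URI[md5sum] and SRC_URI[sha256sum] lines for the 3.3.28 tarball cannot be reviewed here. The SRC_URI shown in the gnutls.inc hunk header fetches over ftp://, which makes those checksums the only integrity check on the download; both must be updated for the new tarball, and the values should be checked against the upstream release signature rather than computed from the fetched file alone.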