Re: [yocto] [meta-gplv2][PATCH] gnutls: update 3.3.27 -> 3.3.28
On Wed, Nov 8, 2017 at 7:45 PM, Andre McCurdy wrote:
> * Version 3.3.28 (released 2017-07-04)
>
> ** libgnutls: Fixed issue when rehandshaking without a client certificate in
>    a session which initially used one. Reported by Frantisek Sumsal.
>
> ** libgnutls: fix issue in RSA-PSK client callback which resulted in no username
>    being sent to the peer. Patch by Nicolas Dufresne.
>
> ** libgnutls: no longer parse the ResponseID field of the status response
>    TLS extension. The field is not used by GnuTLS nor is made available to
>    calling applications. That addresses a null pointer dereference on server
>    side caused by packets containing the ResponseID field. Reported
>    by Hubert Kario. [GNUTLS-SA-2017-4]
>
> ** libgnutls: Handle specially HSMs which request explicit authentication.
>    There are HSMs which return CKR_USER_NOT_LOGGED_IN on the first private key
>    operation. Detect that state and try to login.
>
> ** libgnutls: the GNUTLS_PKCS11_OBJ_FLAG_LOGIN will force a login on HSMs.
>    That is, even in tokens which do not have a CKF_LOGIN_REQUIRED flag
>    a login will be forced. This improves operation on certain Safenet HSMs.
>
> ** libgnutls: do not set leading zeros when copying integers on HSMs.
>    PKCS#11 defines integers as unsigned having most significant byte
>    first, e.g., 32768 = 0x80 0x00. This is interpreted literally by
>    some HSMs which do not accept an integer with a leading zero. This
>    improves operation with certain Atos HSMs.
>
> ** libgnutls: Backported PKCS#11 key generation functionality for DSA keys.
>
> ** libgnutls: Improve check for /dev/urandom uniqueness. Ensure that when
>    gnutls_global_init() is called for a second time that /dev/urandom is
>    re-opened when the inode or device ID has changed.
>
> ** API and ABI modifications:
> No changes since last version.

Ping. CCing Ross.

> Signed-off-by: Andre McCurdy > --- > recipes-support/gnutls/gnutls.inc | 9 - > recipes-support/gnutls/gnutls_3.3.27.bb | 17 - > recipes-support/gnutls/gnutls_3.3.28.bb | 8 > 3 files changed, 12 insertions(+), 22 deletions(-) > delete mode 100644 recipes-support/gnutls/gnutls_3.3.27.bb > create mode 100644 recipes-support/gnutls/gnutls_3.3.28.bb > > diff --git a/recipes-support/gnutls/gnutls.inc > b/recipes-support/gnutls/gnutls.inc > index 4a5c3df..4cf375f 100644 > --- a/recipes-support/gnutls/gnutls.inc > +++ b/recipes-support/gnutls/gnutls.inc > @@ -8,9 +8,8 @@ LICENSE_${PN}-xx = "LGPLv2.1+" > LICENSE_${PN}-bin = "GPLv3+" > LICENSE_${PN}-openssl = "GPLv3+" > > -LIC_FILES_CHKSUM = "file://LICENSE;md5=71391c8e0c1cfe68077e7fce3b586283 \ > -file://doc/COPYING;md5=d32239bcb673463ab874e80d47fae504 \ > - > file://doc/COPYING.LESSER;md5=a6f89e2100d9b6cdffcea4f398e37343" > +LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \ > + > file://COPYING.LESSER;md5=a6f89e2100d9b6cdffcea4f398e37343" > > DEPENDS = "nettle gmp virtual/libiconv" > DEPENDS_append_libc-musl = " argp-standalone" > @@ -21,9 +20,8 @@ SRC_URI = > "ftp://ftp.gnutls.org/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz; > > inherit autotools texinfo binconfig pkgconfig gettext lib_package gtk-doc > > -PACKAGECONFIG ??= "libidn zlib" > +PACKAGECONFIG ??= "zlib" > > -PACKAGECONFIG[libidn] = "--with-idn,--without-idn,libidn" > PACKAGECONFIG[libtasn1] = > "--with-included-libtasn1=no,--with-included-libtasn1,libtasn1" > PACKAGECONFIG[p11-kit] = "--with-p11-kit,--without-p11-kit,p11-kit" > PACKAGECONFIG[tpm] = "--with-tpm,--without-tpm,trousers" > @@ -31,6 +29,7 @@ PACKAGECONFIG[zlib] = "--with-zlib,--without-zlib,zlib" > > EXTRA_OECONF = " \ > --enable-doc \ > +--disable-crywrap \ > --disable-libdane \ > --disable-guile \ > --disable-rpath \ > diff --git a/recipes-support/gnutls/gnutls_3.3.27.bb > b/recipes-support/gnutls/gnutls_3.3.27.bb > deleted file mode 100644 > index a1dcdb5..000 
> --- a/recipes-support/gnutls/gnutls_3.3.27.bb > +++ /dev/null > @@ -1,17 +0,0 @@ > -require gnutls.inc > - > -LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \ > - > file://COPYING.LESSER;md5=a6f89e2100d9b6cdffcea4f398e37343" > - > -SRC_URI += " \ > -file://configure.ac-fix-sed-command.patch \ > -file://use-pkg-config-to-locate-zlib.patch \ > -" > -SRC_URI[md5sum] = "8ee8cebd7f7575b11f232766a21c31d3" > -SRC_URI[sha256sum] = > "8dfda16c158ef5c134010d51d1a91d02aa5d43b8cb711b1572650a7ffb56b17f" > - > -# This version doesn't support this option added in newer gnutls > -# ERROR: gnutls-3.3.27-r0 do_configure: QA Issue: gnutls: configure was > passed unrecognised options: --with-idn [unknown-configure-option] > -PACKAGECONFIG[libidn] = "" > -# but it still has the libidn dependency, without this option > -EXTRA_OECONF += "--disable-crywrap" > diff --git
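Review bot: In the EXTRA_OECONF hunk of gnutls.inc, `--disable-crywrap` is added without the comment that accompanied it in the deleted gnutls_3.3.27.bb ("but it still has the libidn dependency, without this option"). The preceding hunk also removes PACKAGECONFIG[libidn] and drops libidn from the PACKAGECONFIG default, so after this patch nothing in the .inc records that crywrap is disabled because of the libidn dependency. Suggest carrying a one-line comment above EXTRA_OECONF, and mentioning the libidn and crywrap change in the commit message, which currently contains only the upstream changelog.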
[yocto] [meta-gplv2][PATCH] gnutls: update 3.3.27 -> 3.3.28
* Version 3.3.28 (released 2017-07-04)

** libgnutls: Fixed issue when rehandshaking without a client certificate in
   a session which initially used one. Reported by Frantisek Sumsal.

** libgnutls: fix issue in RSA-PSK client callback which resulted in no username
   being sent to the peer. Patch by Nicolas Dufresne.

** libgnutls: no longer parse the ResponseID field of the status response
   TLS extension. The field is not used by GnuTLS nor is made available to
   calling applications. That addresses a null pointer dereference on server
   side caused by packets containing the ResponseID field. Reported
   by Hubert Kario. [GNUTLS-SA-2017-4]

** libgnutls: Handle specially HSMs which request explicit authentication.
   There are HSMs which return CKR_USER_NOT_LOGGED_IN on the first private key
   operation. Detect that state and try to login.

** libgnutls: the GNUTLS_PKCS11_OBJ_FLAG_LOGIN will force a login on HSMs.
   That is, even in tokens which do not have a CKF_LOGIN_REQUIRED flag
   a login will be forced. This improves operation on certain Safenet HSMs.

** libgnutls: do not set leading zeros when copying integers on HSMs.
   PKCS#11 defines integers as unsigned having most significant byte
   first, e.g., 32768 = 0x80 0x00. This is interpreted literally by
   some HSMs which do not accept an integer with a leading zero. This
   improves operation with certain Atos HSMs.

** libgnutls: Backported PKCS#11 key generation functionality for DSA keys.

** libgnutls: Improve check for /dev/urandom uniqueness. Ensure that when
   gnutls_global_init() is called for a second time that /dev/urandom is
   re-opened when the inode or device ID has changed.

** API and ABI modifications:
No changes since last version.

Signed-off-by: Andre McCurdy--- recipes-support/gnutls/gnutls.inc | 9 - recipes-support/gnutls/gnutls_3.3.27.bb | 17 - recipes-support/gnutls/gnutls_3.3.28.bb | 8 3 files changed, 12 insertions(+), 22 deletions(-) delete mode 100644 recipes-support/gnutls/gnutls_3.3.27.bb create mode 100644 recipes-support/gnutls/gnutls_3.3.28.bb diff --git a/recipes-support/gnutls/gnutls.inc b/recipes-support/gnutls/gnutls.inc index 4a5c3df..4cf375f 100644 --- a/recipes-support/gnutls/gnutls.inc +++ b/recipes-support/gnutls/gnutls.inc @@ -8,9 +8,8 @@ LICENSE_${PN}-xx = "LGPLv2.1+" LICENSE_${PN}-bin = "GPLv3+" LICENSE_${PN}-openssl = "GPLv3+" -LIC_FILES_CHKSUM = "file://LICENSE;md5=71391c8e0c1cfe68077e7fce3b586283 \ -file://doc/COPYING;md5=d32239bcb673463ab874e80d47fae504 \ - file://doc/COPYING.LESSER;md5=a6f89e2100d9b6cdffcea4f398e37343" +LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \ +file://COPYING.LESSER;md5=a6f89e2100d9b6cdffcea4f398e37343" DEPENDS = "nettle gmp virtual/libiconv" DEPENDS_append_libc-musl = " argp-standalone" @@ -21,9 +20,8 @@ SRC_URI = "ftp://ftp.gnutls.org/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz; inherit autotools texinfo binconfig pkgconfig gettext lib_package gtk-doc -PACKAGECONFIG ??= "libidn zlib" +PACKAGECONFIG ??= "zlib" -PACKAGECONFIG[libidn] = "--with-idn,--without-idn,libidn" PACKAGECONFIG[libtasn1] = "--with-included-libtasn1=no,--with-included-libtasn1,libtasn1" PACKAGECONFIG[p11-kit] = "--with-p11-kit,--without-p11-kit,p11-kit" PACKAGECONFIG[tpm] = "--with-tpm,--without-tpm,trousers" @@ -31,6 +29,7 @@ PACKAGECONFIG[zlib] = "--with-zlib,--without-zlib,zlib" EXTRA_OECONF = " \ --enable-doc \ +--disable-crywrap \ --disable-libdane \ --disable-guile \ --disable-rpath \ diff --git a/recipes-support/gnutls/gnutls_3.3.27.bb b/recipes-support/gnutls/gnutls_3.3.27.bb deleted file mode 100644 index a1dcdb5..000 --- a/recipes-support/gnutls/gnutls_3.3.27.bb +++ /dev/null 
@@ -1,17 +0,0 @@ -require gnutls.inc - -LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \ -file://COPYING.LESSER;md5=a6f89e2100d9b6cdffcea4f398e37343" - -SRC_URI += " \ -file://configure.ac-fix-sed-command.patch \ -file://use-pkg-config-to-locate-zlib.patch \ -" -SRC_URI[md5sum] = "8ee8cebd7f7575b11f232766a21c31d3" -SRC_URI[sha256sum] = "8dfda16c158ef5c134010d51d1a91d02aa5d43b8cb711b1572650a7ffb56b17f" - -# This version doesn't support this option added in newer gnutls -# ERROR: gnutls-3.3.27-r0 do_configure: QA Issue: gnutls: configure was passed unrecognised options: --with-idn [unknown-configure-option] -PACKAGECONFIG[libidn] = "" -# but it still has the libidn dependency, without this option -EXTRA_OECONF += "--disable-crywrap" diff --git a/recipes-support/gnutls/gnutls_3.3.28.bb b/recipes-support/gnutls/gnutls_3.3.28.bb new file mode 100644 index 000..1b23369 --- /dev/null +++ b/recipes-support/gnutls/gnutls_3.3.28.bb @@ -0,0 +1,8 @@ +require gnutls.inc + +SRC_URI += " \ +file://configure.ac-fix-sed-command.patch \ +
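Review bot: The LIC_FILES_CHKSUM hunk in gnutls.inc drops the `file://LICENSE;md5=...` entry and moves the two remaining entries from doc/ to the top level, and the commit message does not mention either change. The new value carries the same md5 sums as the override in the deleted gnutls_3.3.27.bb, so this reads as folding that override into the .inc; a sentence in the commit message saying so, and confirming that the license texts themselves are unchanged, would let a reviewer accept the checksum change without unpacking the tarball.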