diff options
| author | Alexander Kanavin <alexander.kanavin@linux.intel.com> | 2016-10-18 17:05:13 +0300 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-10-28 11:27:33 +0100 |
| commit | 118b7233721c374314b9ceca5a101e772a29d8c3 (patch) | |
| tree | df6da1fc84bc67f9dc554e159eb9b9cba6140a4d | |
| parent | 02fe5344e4e0eb6ee8d37a96a5ce7c044abfad56 (diff) | |
| download | openembedded-core-118b7233721c374314b9ceca5a101e772a29d8c3.tar.gz openembedded-core-118b7233721c374314b9ceca5a101e772a29d8c3.tar.bz2 openembedded-core-118b7233721c374314b9ceca5a101e772a29d8c3.zip | |
gnutls: update to 3.5.5
Remove backported 0001-Use-correct-include-dir-with-minitasn.patch and
CVE-2016-7444.patch (which still applied silently and incorrectly:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450).
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
4 files changed, 9 insertions, 79 deletions
diff --git a/meta/recipes-support/gnutls/gnutls/0001-Use-correct-include-dir-with-minitasn.patch b/meta/recipes-support/gnutls/gnutls/0001-Use-correct-include-dir-with-minitasn.patch deleted file mode 100644 index d7dd7cf69b..0000000000 --- a/meta/recipes-support/gnutls/gnutls/0001-Use-correct-include-dir-with-minitasn.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 2651b08477f42dd7a05ea7d6df410fb2c46de4fb Mon Sep 17 00:00:00 2001 -From: Jussi Kukkonen <jussi.kukkonen@intel.com> -Date: Wed, 31 Aug 2016 11:04:06 +0300 -Subject: [PATCH] Use correct include dir with minitasn -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This allows compiling certtool-cfg without libtasn headers. - -Upstream-Status: Submitted [https://gitlab.com/gnutls/gnutls/merge_requests/54] -Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> ---- - src/Makefile.am | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/Makefile.am b/src/Makefile.am -index 182f3a5..cf65388 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -146,6 +146,7 @@ libcmd_cli_debug_la_SOURCES = cli-debug-args.def cli-debug-args.c cli-debug-args - COMMON_LIBS = $(LIBOPTS) $(LTLIBINTL) - if ENABLE_MINITASN1 - COMMON_LIBS += ../lib/minitasn1/libminitasn1.la ../gl/libgnu.la -+AM_CPPFLAGS += -I$(top_srcdir)/lib/minitasn1 - else - COMMON_LIBS += $(LIBTASN1_LIBS) - endif --- -2.9.3 - diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch b/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch deleted file mode 100644 index 215be5a8ec..0000000000 --- a/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch +++ /dev/null @@ -1,35 +0,0 @@ -CVE: CVE-2016-7444 -Upstream-Status: Backport -Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> - -Upstream commit follows: - - -From 964632f37dfdfb914ebc5e49db4fa29af35b1de9 Mon Sep 17 00:00:00 2001 -From: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: Sat, 27 Aug 2016 17:00:22 +0200 -Subject: [PATCH] ocsp: corrected the comparison of the serial size in OCSP response - -Previously the OCSP certificate check wouldn't verify the serial length -and could succeed in cases it shouldn't. - -Reported by Stefan Buehler. ---- - lib/x509/ocsp.c | 1 + - 1 file changed, 1 insertion(+), 0 deletions(-) - -diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c -index 92db9b6..8181f2e 100644 ---- a/lib/x509/ocsp.c -+++ b/lib/x509/ocsp.c -@@ -1318,6 +1318,7 @@ gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_t resp, - gnutls_assert(); - goto cleanup; - } -+ cserial.size = t; - - if (rserial.size != cserial.size - || memcmp(cserial.data, rserial.data, rserial.size) != 0) { --- -libgit2 0.24.0 - diff --git a/meta/recipes-support/gnutls/gnutls_3.5.3.bb b/meta/recipes-support/gnutls/gnutls_3.5.3.bb deleted file mode 100644 index b2dbb07124..0000000000 --- a/meta/recipes-support/gnutls/gnutls_3.5.3.bb +++ /dev/null @@ -1,13 +0,0 @@ -require gnutls.inc - -SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \ - file://0001-configure.ac-fix-sed-command.patch \ - file://use-pkg-config-to-locate-zlib.patch \ - file://0001-Use-correct-include-dir-with-minitasn.patch \ - file://CVE-2016-7444.patch \ - " -SRC_URI[md5sum] = "6c2c7f40ddf52933ee3ca474cb8cb63c" -SRC_URI[sha256sum] = "92c4bc999a10a1b95299ebefaeea8333f19d8a98d957a35b5eae74881bdb1fef" - -# x86 .text relocations should be fixed from 3.5.5 onwards -INSANE_SKIP_${PN}_append_x86 = " textrel" diff --git a/meta/recipes-support/gnutls/gnutls_3.5.5.bb b/meta/recipes-support/gnutls/gnutls_3.5.5.bb new file mode 100644 index 0000000000..d255959e23 --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls_3.5.5.bb @@ -0,0 +1,9 @@ +require gnutls.inc + +SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \ + file://0001-configure.ac-fix-sed-command.patch \ + file://use-pkg-config-to-locate-zlib.patch \ + " +SRC_URI[md5sum] = "fb84c4d7922c1545da8dda4dcb9487d4" +SRC_URI[sha256sum] = "86994fe7804ee16d2811e366b9bf2f75304f8e470ae0e3716d60ffeedac0e529" + |