[oe-commits] [openembedded-core] 21/77: gnutls: update to 3.5.5

Tue Oct 25 10:32:28 UTC 2016

rpurdie pushed a commit to branch master-next
in repository openembedded-core.

commit 07906a9e32b754e369682a04c31d9a88d2e63301
Author: Alexander Kanavin <alexander.kanavin at linux.intel.com>
AuthorDate: Tue Oct 18 17:05:13 2016 +0300

    gnutls: update to 3.5.5
    
    Remove backported 0001-Use-correct-include-dir-with-minitasn.patch and
    CVE-2016-7444.patch (which still applied silently and incorrectly:
    https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450).
    
    Signed-off-by: Alexander Kanavin <alexander.kanavin at linux.intel.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>
---
 ...001-Use-correct-include-dir-with-minitasn.patch | 31 -------------------
 .../gnutls/gnutls/CVE-2016-7444.patch              | 35 ----------------------
 meta/recipes-support/gnutls/gnutls_3.5.3.bb        | 13 --------
 meta/recipes-support/gnutls/gnutls_3.5.5.bb        |  9 ++++++
 4 files changed, 9 insertions(+), 79 deletions(-)

diff --git a/meta/recipes-support/gnutls/gnutls/0001-Use-correct-include-dir-with-minitasn.patch b/meta/recipes-support/gnutls/gnutls/0001-Use-correct-include-dir-with-minitasn.patch
deleted file mode 100644
index d7dd7cf..0000000
--- a/meta/recipes-support/gnutls/gnutls/0001-Use-correct-include-dir-with-minitasn.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 2651b08477f42dd7a05ea7d6df410fb2c46de4fb Mon Sep 17 00:00:00 2001
-From: Jussi Kukkonen <jussi.kukkonen at intel.com>
-Date: Wed, 31 Aug 2016 11:04:06 +0300
-Subject: [PATCH] Use correct include dir with minitasn
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This allows compiling certtool-cfg without libtasn headers.
-
-Upstream-Status: Submitted [https://gitlab.com/gnutls/gnutls/merge_requests/54]
-Signed-off-by: Jussi Kukkonen <jussi.kukkonen at intel.com>
----
- src/Makefile.am | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/Makefile.am b/src/Makefile.am
-index 182f3a5..cf65388 100644
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -146,6 +146,7 @@ libcmd_cli_debug_la_SOURCES = cli-debug-args.def cli-debug-args.c cli-debug-args
- COMMON_LIBS = $(LIBOPTS) $(LTLIBINTL)
- if ENABLE_MINITASN1
- COMMON_LIBS += ../lib/minitasn1/libminitasn1.la ../gl/libgnu.la 
-+AM_CPPFLAGS += -I$(top_srcdir)/lib/minitasn1
- else
- COMMON_LIBS += $(LIBTASN1_LIBS)
- endif
--- 
-2.9.3
-
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch b/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch
deleted file mode 100644
index 215be5a..0000000
--- a/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-CVE: CVE-2016-7444
-Upstream-Status: Backport
-Signed-off-by: Jussi Kukkonen <jussi.kukkonen at intel.com>
-
-Upstream commit follows:
-
-
-From 964632f37dfdfb914ebc5e49db4fa29af35b1de9 Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav at gnutls.org>
-Date: Sat, 27 Aug 2016 17:00:22 +0200
-Subject: [PATCH] ocsp: corrected the comparison of the serial size in OCSP response
-
-Previously the OCSP certificate check wouldn't verify the serial length
-and could succeed in cases it shouldn't.
-
-Reported by Stefan Buehler.
----
- lib/x509/ocsp.c | 1 +
- 1 file changed, 1 insertion(+), 0 deletions(-)
-
-diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
-index 92db9b6..8181f2e 100644
---- a/lib/x509/ocsp.c
-+++ b/lib/x509/ocsp.c
-@@ -1318,6 +1318,7 @@ gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_t resp,
- 		gnutls_assert();
- 		goto cleanup;
- 	}
-+	cserial.size = t;
- 
- 	if (rserial.size != cserial.size
- 	    || memcmp(cserial.data, rserial.data, rserial.size) != 0) {
---
-libgit2 0.24.0
-
diff --git a/meta/recipes-support/gnutls/gnutls_3.5.3.bb b/meta/recipes-support/gnutls/gnutls_3.5.3.bb
deleted file mode 100644
index b2dbb07..0000000
--- a/meta/recipes-support/gnutls/gnutls_3.5.3.bb
+++ /dev/null
@@ -1,13 +0,0 @@
-require gnutls.inc
-
-SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \
-            file://0001-configure.ac-fix-sed-command.patch \
-            file://use-pkg-config-to-locate-zlib.patch \
-            file://0001-Use-correct-include-dir-with-minitasn.patch \
-            file://CVE-2016-7444.patch \
-           "
-SRC_URI[md5sum] = "6c2c7f40ddf52933ee3ca474cb8cb63c"
-SRC_URI[sha256sum] = "92c4bc999a10a1b95299ebefaeea8333f19d8a98d957a35b5eae74881bdb1fef"
-
-# x86 .text relocations should be fixed from 3.5.5 onwards
-INSANE_SKIP_${PN}_append_x86 = " textrel"
diff --git a/meta/recipes-support/gnutls/gnutls_3.5.5.bb b/meta/recipes-support/gnutls/gnutls_3.5.5.bb
new file mode 100644
index 0000000..d255959
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls_3.5.5.bb
@@ -0,0 +1,9 @@
+require gnutls.inc
+
+SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \
+            file://0001-configure.ac-fix-sed-command.patch \
+            file://use-pkg-config-to-locate-zlib.patch \
+           "
+SRC_URI[md5sum] = "fb84c4d7922c1545da8dda4dcb9487d4"
+SRC_URI[sha256sum] = "86994fe7804ee16d2811e366b9bf2f75304f8e470ae0e3716d60ffeedac0e529"
+

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.
