summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/gnutls
Commit message (Collapse)AuthorAgeFilesLines
* gnutls: upgrade 3.8.9 -> 3.8.10Gyorgy Sarvari93 min.2-1/+2
| | | | | | | | | | | | | | Skip compress-cert-conf test when running ptests, because it requires gnutls to be compiled with brotli PACKAGECONFIG, however brotli is not part of oe-core. Changelog: https://gitlab.com/gnutls/gnutls/-/blob/master/NEWS (From OE-Core rev: 2ad41436acdc5f37803ade51c98ae0dc06103e45) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libtasn1: upgrade 4.19.0 -> 4.20.0Vijay Anusuri2025-03-061-4/+3
| | | | | | | | | | | | | | | | | * Noteworthy changes in release 4.20.0 (2025-02-01) [stable] - The release tarball is now reproducible. - We publish a minimal source-only tarball generated by 'git archive'. - Update gnulib files and various build/maintenance fixes. - Fix CVE-2024-12133: Potential DoS in handling of numerous SEQUENCE OF or SET OF elements License-Update: file COPYING.LESSER renamed to COPYING.LESSERv2 & Copyright year updated to 2025 (From OE-Core rev: 3a8633b9f522e0be31c08790a3f2050c6d052d93) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: upgrade 3.8.8 -> 3.8.9Peter Marko2025-02-183-10/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Solves CVE-2024-12243 Refreshed patches License-Update: multiple changes * https://gitlab.com/gnutls/gnutls/-/commit/a8727cdb076287d0a2098ba49d76899b4e70160e COPYING.LESSER updated wording to latest FSF version * https://gitlab.com/gnutls/gnutls/-/commit/75f5ea80738156b81de30ae9b482a69cf4e77e9d LICENSE file merged to README.md COPYING and COPYING.LESSERv2 moved to top-level directory Release notes: https://gitlab.com/gnutls/gnutls/-/blob/3.8.9/NEWS?ref_type=tags * Version 3.8.9 (released 2025-02-07) ** libgnutls: leancrypto was added as an interim option for PQC The library can now be built with leancrypto instead of liboqs for post-quantum cryptography (PQC), when configured with --with-leancrypto option instead of --with-liboqs. ** libgnutls: Experimental support for ML-DSA signature algorithm The library and certtool now support ML-DSA signature algorithm as defined in FIPS 204 and based on draft-ietf-lamps-dilithium-certificates-04. This feature is currently marked as experimental and can only be enabled when compiled with --with-leancrypto or --with-liboqs. Contributed by David Dudas. ** libgnutls: Support for ML-KEM-1024 key encapsulation mechanism The support for ML-KEM post-quantum key encapsulation mechanisms has been extended to cover ML-KEM-1024, in addition to ML-KEM-768. MLKEM1024 is only offered as SecP384r1MLKEM1024 hybrid as per draft-kwiatkowski-tls-ecdhe-mlkem-03. ** libgnutls: Fix potential DoS in handling certificates with numerous name constraints, as a follow-up of CVE-2024-12133 in libtasn1. The bundled copy of libtasn1 has also been updated to the latest 4.20.0 release to complete the fix. Reported by Bing Shi (#1553). [GNUTLS-SA-2025-02-07, CVSS: medium] [CVE-2024-12243] ** API and ABI modifications: GNUTLS_PK_MLDSA44: New enum member of gnutls_pk_algorithm_t GNUTLS_PK_MLDSA65: New enum member of gnutls_pk_algorithm_t GNUTLS_PK_MLDSA87: New enum member of gnutls_pk_algorithm_t GNUTLS_SIGN_MLDSA44: New enum member of gnutls_sign_algorithm_t GNUTLS_SIGN_MLDSA65: New enum member of gnutls_sign_algorithm_t GNUTLS_SIGN_MLDSA87: New enum member of gnutls_sign_algorithm_t (From OE-Core rev: 4313d931673dd86aaf590c68f7b1fa364d752740) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta/meta-selftest: Fix variable assignment whitespaceRichard Purdie2025-02-011-1/+1
| | | | | | | | | | Recipes are much more readable with whitespace around the assignment operators. Fix various assignments in OE-Core to show this is definitely the preferred formatting. (From OE-Core rev: 30ea609d3357fb3de911f2f6a5e6856c151b976a) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: Upgrade to 3.8.8Simone Weiß2024-11-252-47/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | In 3.8.7 is that the linkage to compression libraries were changed to use a new tool called dlwrap, this caused issues during the last upgrade but is resolved now with the update to 3.8.8. Remove the workarounds for the update hence. Changes in 3.8.8 include: * libgnutls: * Experimental support for X25519MLKEM768 and SecP256r1MLKEM768 key exchange in TLS 1.3 * All records included in an OCSP response are now checked in TLS * Handling of malformed compress_certificate extension is now more standard compliant * More flexible library linking options for compression libraries, TPM, and liboqs support. The configure options, --with-zstd, --with-brotli, --with-zlib, --with-tpm2, and --with-liboqs now take 4 states: yes/link/dlopen/no, to specify how the libraries are linked or loaded. Do not set a specific library linking option but use the default(yes). (From OE-Core rev: 6620623ce280d20c2430ba87ba276a0490b05080) Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: upgrade to 3.8.7.1Ross Burton2024-09-302-1/+47
| | | | | | | | | | | | | | | | | | | | | | | | | | A notable change in 3.8.7 is that the linkage to compression libraries was changed to use a new tool called dlwrap, so these libraries should be loaded at runtime with dlopen() instead of dynamically linked at build time. However, the dlopen() detection fails in cross builds[1] and it falls back to dynamic linking so this isn't an issue we need to deal with at present. Also note that whilst dlwrap is a tool written in rust that needs the clang includes, it's a maintainer tool and the generated files are in git, so we should never need to rerun it. Backport a patch to fix AM_CONDITIONAL to resolve linkage problems. The 3.8.7.1 tarball is actually just a rebuild of 3.8.7 with the translations included (which were missing in 3.8.7), so set S explicitly for this release. [1] https://gitlab.com/gnutls/gnutls/-/issues/1583 (From OE-Core rev: d38f32f493192fa5965f7271ef6ba5aae33849f5) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: upgrade 3.8.5 -> 3.8.6Simone Weiß2024-07-215-278/+8
| | | | | | | | | | | | | | | | | | | | | | Changelog: ** libgnutls: PBMAC1 is now supported as a MAC mechanism for PKCS#12 To be compliant with FIPS 140-3, PKCS#12 files with MAC based on PBKDF2 (PBMAC1) is now supported, according to the specification proposed in draft-ietf-lamps-pkcs12-pbmac1. ** libgnutls: SHA3 extendable output functions (XOF) are now supported SHA3 XOF, SHAKE128 and SHAKE256, are now usable through a new public API gnutls_hash_squeeze. ** API and ABI modifications: gnutls_pkcs12_generate_mac3: New function gnutls_pkcs12_flags_t: New enum gnutls_hash_squeeze: New function (From OE-Core rev: 61e7888c8e31ac2adee9eb75ee2393125ef9b433) Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: Fix failing ptestsSimone Weiß2024-04-232-0/+270
| | | | | | | | | | | | When upgrading gnutls to the newest version 3.8.5, some ptest failed. Backported a patch from upstream gnutls(not in any release yet) to fix this issue. (From OE-Core rev: 25135cd910e24117aa493abcb7f6aeee0b84ab82) Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: upgrade 3.8.4 -> 3.8.5Wang Mingyu2024-04-232-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | Add-ptest-support.patch refreshed for 3.8.5 Changelog: ========== * libgnutls: Due to majority of usages and implementations of RSA decryption with PKCS#1 v1.5 padding being incorrect, leaving them vulnerable to Marvin attack, the RSAES-PKCS1-v1_5 is being deprecated (encryption and decryption) and will be disabled in the future. * libgnutls: Added support for RIPEMD160 and PBES1-DES-SHA1 for backward compatibility with GCR. * libgnutls: A couple of memory related issues have been fixed in RSA PKCS#1 v1.5 decryption error handling and deterministic ECDSA with earlier versions of GMP. * build: Fixed a bug where building gnutls statically failed due to a duplicate definition of nettle_rsa_compute_root_tr(). (From OE-Core rev: 594ef33f9d5bc6fba1c9b1393936f26920406826) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: upgrade 3.8.3 -> 3.8.4Simone Weiß2024-04-044-16/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Upgrade gnutls SRCREV for new version - Refresh patches for 3.8.4 Changelog: ========== ** libgnutls: RSA-OAEP encryption scheme is now supported To use it with an unrestricted RSA private key, one would need to initialize a gnutls_x509_spki_t object with necessary parameters for RSA-OAEP and attach it to the private key. It is also possible to import restricted private keys if they are stored in PKCS#8 format. ** libgnutls: Fix side-channel in the deterministic ECDSA. Reported by George Pantelakis (#1516). [GNUTLS-SA-2023-12-04, CVSS: medium] [CVE-2024-28834] ** libgnutls: Fixed a bug where certtool crashed when verifying a certificate chain with more than 16 certificates. Reported by William Woodruff (#1525) and yixiangzhike (#1527). [GNUTLS-SA-2024-01-23, CVSS: medium] [CVE-2024-28835] ** libgnutls: Compression libraries are now loaded dynamically as needed instead of all being loaded during gnutls library initialization. As a result, the library initialization should be faster. ** build: The gnutls library can now be linked with the static library of GMP. Note that in order for this to work libgmp.a needs to be compiled with -fPIC and libhogweed in Nettle also has to be linked to the static library of GMP. This can be used to prevent custom memory allocators from being overriden by other applications. ** API and ABI modifications: gnutls_x509_spki_get_rsa_oaep_params: New function. gnutls_x509_spki_set_rsa_oaep_params: New function. GNUTLS_PK_RSA_OAEP: New enum member of gnutls_pk_algorithm_t. (From OE-Core rev: feaa2b8065c7a02b52aa55954f05a3ee66260305) Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: print log if ptest failsSimone Weiß2024-02-081-0/+10
| | | | | | | | | | | | There are AB-INT issues with the gnutls tests and the test for naked-alerts is failing. Tweak the run-ptest script to save the error log to obtain more infos for debugging. Related to [YOCTO #15352]. (From OE-Core rev: 9665d272df34bcb2811a2f7a1afccabe4bebc9d1) Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: Upgrade 3.8.2 -> 3.8.3Simone Weiß2024-01-301-1/+1
| | | | | | | | | | | | | | | | | | | | | | | Upgrade version to adress recent CVE findings. Changelog ========= ** libgnutls: Fix more timing side-channel inside RSA-PSK key exchange [GNUTLS-SA-2024-01-14, CVSS: medium] [CVE-2024-0553] ** libgnutls: Fix assertion failure when verifying a certificate chain with a cycle of cross signatures [GNUTLS-SA-2024-01-09, CVSS: medium] [CVE-2024-0567] ** libgnutls: Fix regression in handling Ed25519 keys stored in PKCS#11 token certtool was unable to handle Ed25519 keys generated on PKCS#11 with pkcs11-tool (OpenSC). This is a regression introduced in 3.8.2. (From OE-Core rev: 705d2972b38efc9f331e3635c07ca92f8812b365) Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: upgrade 3.8.1 -> 3.8.2Wang Mingyu2023-11-301-1/+1
| | | | | | | | | | | | | | | | Changelog: ============ ** libgnutls: Fix timing side-channel inside RSA-PSK key exchange. ** libgnutls: Add API functions to perform ECDH and DH key agreement ** libgnutls: Added support for AES-GCM-SIV ciphers ** libgnutls: transparent KTLS support is extended to FreeBSD kernel ** gnutls-cli: New option --starttls-name (From OE-Core rev: 3c01bb0be8ddafa0aa1ad996ec524b51fd28f512) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: update 3.8.0 -> 3.8.1Alexander Kanavin2023-09-072-6/+8
| | | | | | | (From OE-Core rev: 5f08d833669e96df5236773ae5a70bfb22f90b6b) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: remove use of argp-standalone for muslRoss Burton2023-05-221-3/+0
| | | | | | | | | | | This was made obsoleten in 3.5.0 when crywrap was removed from the GnuTLS source tree. (From OE-Core rev: b49dc6f29533ab7debd299419c8b891e106f5d9d) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: clean up ptest compilationRoss Burton2023-05-221-4/+4
| | | | | | | | | | | Don't always build the tests in do_compile, use do_compile_ptest so they are only built when needed. (From OE-Core rev: 5f4b10a3361e273d22bc880b4127eb53291be47d) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: use system libtasn1Ross Burton2023-05-221-2/+2
| | | | | | | | | | | Instead of using an internal ASN.1 parser, re-use libtasn1 from the system by default. (From OE-Core rev: db20ffc4ffb5e734258f0a9f9d1fb72d1f0df490) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: add PACKAGECONFIG options for certification compressionRoss Burton2023-05-221-0/+4
| | | | | | | | | | | | GnuTLS has optional support for certificate compression. These are not widely enabled in other distributions and were previously disabled in standard builds, so don't enable them by default. (From OE-Core rev: d22a406e7ca3018e0d1c0a7b1b6254c2aba6faba) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: add PACKAGECONFIG for DANERoss Burton2023-05-221-2/+4
| | | | | | | | | | | | | | DANE (DNS-based Authentication of Named Entities) allows certificates to be bound to DNS entries. This requires unbound which is not part of oe-core. Add a PACKAGECONFIG but disable by default. (From OE-Core rev: cfb328b2a7c35a8c1e0dd7cd8c7552a0837db206) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: Add missing python ptest dependencyRichard Purdie2023-03-121-0/+2
| | | | | | | | Add dependency on python3 to fix execution in minimal images. (From OE-Core rev: bf5b15a8b7a2b2276109efc8a6fe54788908ef0d) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: Updated ther patch which fixes build error for fips enabled.leimaohui2023-03-011-1/+1
| | | | | | | | | | | The context of lib/Makefile.am in gnutls_3.8.0 has changed when updated from gnutls_3.7.8. (From OE-Core rev: 7c00bf8e0a0f9c88de6cf782b7fa3db7872c4100) Signed-off-by: Lei Maohui <leimaohui@fujitsu.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: update 3.7.8 -> 3.8.0Alexander Kanavin2023-02-204-27/+23
| | | | | | | | | | | | | | | Refresh patches. guile option removed upstream. License-update: formatting, urls https://github.com/gnutls/gnutls/commit/a39e528897184c6f6a33d245b82891a8dc8090ce (From OE-Core rev: 016025f1c77b9ffc00213e6056c5134f353ff541) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: add ptest supportRavineet Singh2023-02-023-1/+157
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add gnutls unit-tests into ptest. Only self-contained tests (no external file system dependencies) are included. Some tests have been put in a disallow list in the run-ptest; these tests either require additional files (certificates) or environment setup prior to being run, via wrapper shell script. As autotools packages are built out-of-tree, it is cumbersome to add additional files. With regards to tests requiring wrapper scripts, it is possible to add logic to run these tests under run-ptests but that will require more effort to maintain, hence skipped. Verified via: $ runqemu qemux86-64 kvm nographic serial qemuparams='-m 4096 -smp 32' root@qemux86-64:~# ptest-runner gnutls START: ptest-runner BEGIN: /usr/lib64/gnutls/ptest PASS: aead-cipher-vec PASS: alerts PASS: anti_replay ... gnutls test summary: -------------------- total: 375 pass : 364 fail : 0 skip : 11 DURATION: 184 END: /usr/lib64/gnutls/ptest 2023-02-01T13:55 STOP: ptest-runner TOTAL: 1 FAIL: 0 (From OE-Core rev: 6061df3084b991ba4a54a3dca5dadda97e2364ac) Signed-off-by: Ravineet Singh <ravineet.a.singh@est.tech> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: upgrade 3.7.7 -> 3.7.8wangmy2022-10-261-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: ========= ** libgnutls: In FIPS140 mode, RSA signature verification is an approved operation if the key has modulus with known sizes (1024, 1280, 1536, and 1792 bits), in addition to any modulus sizes larger than 2048 bits, according to SP800-131A rev2. ** libgnutls: gnutls_session_channel_binding performs additional checks when GNUTLS_CB_TLS_EXPORTER is requested. According to RFC9622 4.2, the "tls-exporter" channel binding is only usable when the handshake is bound to a unique master secret (i.e., either TLS 1.3 or extended master secret extension is negotiated). Otherwise the function now returns error. ** libgnutls: usage of the following functions, which are designed to loosen restrictions imposed by allowlisting mode of configuration, has been additionally restricted. Invoking them is now only allowed if system-wide TLS priority string has not been initialized yet: gnutls_digest_set_secure gnutls_sign_set_secure gnutls_sign_set_secure_for_certs gnutls_protocol_set_enabled (From OE-Core rev: 858886aa07d0c2c2ef2489996cc8eca5fbe931fa) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: Unified package names to lower-caseKeiya Nobuta2022-10-251-1/+1
| | | | | | | | | | | create-spdx can't detect the license properly if the case doesn't match, so fix it. (From OE-Core rev: 9c87828493784d996910d742006268a626ef0130) Signed-off-by: Keiya Nobuta <nobuta.keiya@fujitsu.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libtasn1: upgrade 4.18.0 -> 4.19.0wangmy2022-09-011-1/+1
| | | | | | | | | | | | | | Changelog: =========== - Clarify libtasn1.map license. Closes: #38. - Fix ETYPE_OK out of bounds read. Closes: #32. - Update gnulib files and various maintenance fixes. (From OE-Core rev: b8f2c6ec61ffcc607a35bd5c11f5020c9b676226) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: upgrade 3.7.6 -> 3.7.7Alexander Kanavin2022-08-101-1/+1
| | | | | | | | (From OE-Core rev: d70b29617789dcc7afe78e1d2d8b3f5122f6376f) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: upgrade 3.7.5 -> 3.7.6Richard Purdie2022-06-041-1/+1
| | | | | | (From OE-Core rev: d3123a419165fadba10febec0bcaf83269b4a5a3) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: Added fips option.leimaohui2022-05-272-1/+51
| | | | | | | | | | | | | - Added a patch to avoid excute fipshmac command. Because *.hmac file should be created on target instead of on build environment. - Added pkg_postinst_ontarget to make sure necessary files are created on target. (From OE-Core rev: 1b5c620d10aa678871b6cea46e113c8fe3b79822) Signed-off-by: Lei Maohui <leimaohui@fujitsu.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: upgrade 3.7.4 -> 3.7.5Alexander Kanavin2022-05-201-1/+1
| | | | | | | | (From OE-Core rev: f1dc9311d4d10ca8a3b8ddfb8a79f335f01f5048) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: upgrade 3.7.3 -> 3.7.4wangmy2022-03-231-1/+1
| | | | | | | | (From OE-Core rev: ae347dd574644a168e36cb42cf0560cd18cd636d) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX ↵Richard Purdie2022-02-202-8/+8
| | | | | | | | | | | | | license identifiers An automated conversion using scripts/contrib/convert-spdx-licenses.py to convert to use the standard SPDX license identifiers. Two recipes in meta-selftest were not converted as they're that way specifically for testing. A change in linux-firmware was also skipped and may need a more manual tweak. (From OE-Core rev: ceda3238cdbf1beb216ae9ddb242470d5dfc25e0) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: update 3.7.2 -> 3.7.3Alexander Kanavin2022-02-011-2/+1
| | | | | | | | | Drop unsupported option. (From OE-Core rev: 5a2d94e0df21992a30f95312da3bf8477f42785c) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libtasn1: upgrade 4.17.0 -> 4.18.0wangmy2021-11-162-9/+20
| | | | | | | | | | | | | | * Noteworthy changes in release 4.18.0 (2021-11-09) [stable] - Improve GTK-DOC manual. Closes: #35. - Improve --help and --version for tools with gnulib. Closes: #37. - Update gnulib files and various maintenance fixes. refresh dont-depend-on-help2man.patch (From OE-Core rev: 0d15632f3db787d3f08eb260732567e62f52ffb3) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Convert to new override syntaxRichard Purdie2021-08-022-12/+12
| | | | | | | | | | | | This is the result of automated script conversion: scripts/contrib/convert-overrides.py <oe-core directory> converting the metadata to use ":" as the override character instead of "_". (From OE-Core rev: 42344347be29f0997cc2f7636d9603b1fe1875ae) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: upgrade 3.7.1 -> 3.7.2wangmy2021-06-121-1/+1
| | | | | | | (From OE-Core rev: 3593a4c47d5e8faccb27c7cd975f18f90b9cd86f) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libtasn1: upgrade 4.16.0 -> 4.17.0wangmy2021-05-211-3/+3
| | | | | | | | | file LICENSE renamed to COPYING. (From OE-Core rev: 52e30a0344e727527cc3f498aa09bbbdfa1c2f47) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: Point to staging area for finding seccomp libs and includesKhem Raj2021-04-271-1/+1
| | | | | | | | | | | | | | | This ensures that if libseccomp is installed on build host then it does not resort to use it. Fixes checking for libseccomp... (cached) yes checking how to link with libseccomp... /usr/lib/libseccomp.so (From OE-Core rev: 3751ac58720a500e3b749b2296922d7c82db49a1) Signed-off-by: Khem Raj <raj.khem@gmail.com> Cc: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: Enable seccomp if FEATURE is setArmin Kuster2021-04-261-1/+1
| | | | | | | (From OE-Core rev: f2527b5567252c7da4fbd863e119c8114e6debcd) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: upgrade 3.7.0 -> 3.7.1Wang Mingyu2021-03-311-1/+1
| | | | | | | (From OE-Core rev: 7123b17db594b13c52414cd20beceb2a54841c4e) Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes-support: Add missing HOMEPAGE and DESCRIPTION for recipesMeh Mbeh Ida Delphine2021-03-022-1/+5
| | | | | | | | | Fixes: [YOCTO #13471] (From OE-Core rev: 6db24928d62aeb093a0e6da6619713eaca57a96f) Signed-off-by: Ida Delphine <idadelm@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: update 3.6.15 -> 3.7.0Alexander Kanavin2020-12-312-3/+14
| | | | | | | (From OE-Core rev: 6c4b2dcf82378419efca587f033ecac08fbc3b00) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: explicitly set --with-librt-prefixMartin Jansa2020-11-021-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * it will try to link with librt from host and if you have it on host (libc6-dev-i386 in ubuntu) it fails with: /usr/lib32/librt.so: error: undefined reference to '__clock_settime', version 'GLIBC_PRIVATE' /usr/lib32/librt.so: error: undefined reference to '__clock_getcpuclockid', version 'GLIBC_PRIVATE' /usr/lib32/librt.so: error: undefined reference to '__clock_getres', version 'GLIBC_PRIVATE' /usr/lib32/librt.so: error: undefined reference to '__clock_nanosleep', version 'GLIBC_PRIVATE' collect2: error: ld returned 1 exit status in older 3.6.14 it was using /usr/lib32/librt.so from host as well, but without do_compile failing configure:17539: checking for librt configure:17563: i686-oe-linux-gcc -m32 -march=core2 -mtune=core2 -msse3 -mfpmath=sse -fstack-protector-strong -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Werror=return-type --sysroot=/tmpdir/work/qemux86-oe-linux/gnutls/3.6.14-r0/recipe-sysroot -o conftest -O2 -pipe -g -feliminate-unused-debug-types -fmacro-prefix-map=/tmpdir/work/qemux86-oe-linux/gnutls/3.6.14-r0=/usr/src/debug/gnutls/3.6.14-r0 -fdebug-prefix-map=/tmpdir/work/qemux86-oe-linux/gnutls/3.6.14-r0=/usr/src/debug/gnutls/3.6.14-r0 -fdebug-prefix-map=/tmpdir/work/qemux86-oe-linux/gnutls/3.6.14-r0/recipe-sysroot= -fdebug-prefix-map=/tmpdir/work/qemux86-oe-linux/gnutls/3.6.14-r0/recipe-sysroot-native= -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -Wl,-z,relro,-z,now conftest.c /usr/lib32/librt.so >&5 configure:17563: $? = 0 configure:17573: result: yes configure:17580: checking how to link with librt configure:17582: result: /usr/lib32/librt.so with --with-librt-prefix passed, it finds the right one as shown in build/config.log: configure:17551: checking for librt configure:17575: i686-oe-linux-gcc -m32 -march=core2 -mtune=core2 -msse3 -mfpmath=sse -fstack-protector-strong -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Werror=return-type --sysroot=/tmpdir/work/qemux86-oe-linux/gnutls/3.6.15-r0/recipe-sysroot -o conftest -O2 -pipe -g -feliminate-unused-debug-types -fmacro-prefix-map=/tmpdir/work/qemux86-oe-linux/gnutls/3.6.15-r0=/usr/src/debug/gnutls/3.6.15-r0 -fdebug-prefix-map=/tmpdir/work/qemux86-oe-linux/gnutls/3.6.15-r0=/usr/src/debug/gnutls/3.6.15-r0 -fdebug-prefix-map=/tmpdir/work/qemux86-oe-linux/gnutls/3.6.15-r0/recipe-sysroot= -fdebug-prefix-map=/tmpdir/work/qemux86-oe-linux/gnutls/3.6.15-r0/recipe-sysroot-native= -I/tmpdir/work/qemux86-oe-linux/gnutls/3.6.15-r0/recipe-sysroot/usr/include -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -Wl,-z,relro,-z,now conftest.c /tmpdir/work/qemux86-oe-linux/gnutls/3.6.15-r0/recipe-sysroot/usr/lib/librt.so >&5 configure:17575: $? = 0 configure:17585: result: yes configure:17592: checking how to link with librt configure:17594: result: /tmpdir/work/qemux86-oe-linux/gnutls/3.6.15-r0/recipe-sysroot/usr/lib/librt.so (From OE-Core rev: d355cd38904460f3add2b0b9477e8ddfd42b22e1) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: update 3.16.4 -> 3.16.5Alexander Kanavin2020-10-303-211/+2
| | | | | | | (From OE-Core rev: 2f38d5c97abbc84a55ad22dcd328f627380e79a8) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: CVE-2020-24659Zhixiong Chi2020-09-082-0/+118
| | | | | | | | | | | Backport the CVE patch from the usptream: https://gitlab.com/gnutls/gnutls.git commit 29ee67c205855e848a0a26e6d0e4f65b6b943e0a (From OE-Core rev: 84b1bc500e318657cb7a8a189b59cc63bc91dca3) Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: Fix krb5 code license to GPLv2.1+ to match the LICENSE file.zhengruoqin2020-07-122-0/+91
| | | | | | | | | | | This was discussed and accepted upstream by the project so their license is consistent. Please reference to https://gitlab.com/gnutls/gnutls/-/issues/1018 and https://gitlab.com/gnutls/gnutls/-/merge_requests/1285. (From OE-Core rev: 267d07301c79c24969c169add05284f612c41d77) Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: upgrade 3.6.13 -> 3.6.14Alexander Kanavin2020-06-091-2/+1
| | | | | | | (From OE-Core rev: cd88c81804a4a52b9875f2244c9f35911539be96) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libtasn1: Remove workaround for host gcc < 5Adrian Bunk2020-05-141-2/+0
| | | | | | | (From OE-Core rev: 2c037f830856018b212d532198ae17932b3521d1) Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: upgrade 3.6.12 -> 3.6.13Wang Mingyu2020-04-241-2/+2
| | | | | | | (From OE-Core rev: 5cc0f0dcf1f41bc148b034b3f7abef756a328cd3) Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: upgrade 3.6.11.1 -> 3.6.12Alexander Kanavin2020-02-281-2/+2
| | | | | | | (From OE-Core rev: 8652c95ceb505dd7386166842486c833ea5a7ee7) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>