diff mbox series

gnutls: upgrade 3.8.10 -> 3.8.11

Message ID 20251126233410.1243674-1-peter.marko@siemens.com
State Accepted, archived
Commit 0224dd73d5e462e3ab0958a63d631aa32e330d6c
Headers show
Series gnutls: upgrade 3.8.10 -> 3.8.11 | expand

Commit Message

Marko, Peter Nov. 26, 2025, 11:34 p.m. UTC 
From: Peter Marko <peter.marko@siemens.com>

Release information: [1]
Includes fix for CVE-2025-9820.

Refresh patches.

[1] https://lists.gnupg.org/pipermail/gnutls-help/2025-November/004906.html

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 ...eating-.hmac-file-should-be-excuted-in-target-envi.patch | 2 +-
 meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch  | 6 +++---
 .../gnutls/{gnutls_3.8.10.bb => gnutls_3.8.11.bb}           | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
 rename meta/recipes-support/gnutls/{gnutls_3.8.10.bb => gnutls_3.8.11.bb} (97%)

Comments

Mathieu Dubois-Briand Dec. 3, 2025, 12:13 p.m. UTC | #1 
On Thu Nov 27, 2025 at 12:34 AM CET, Peter Marko via lists.openembedded.org wrote:
> From: Peter Marko <peter.marko@siemens.com>
>
> Release information: [1]
> Includes fix for CVE-2025-9820.
>
> Refresh patches.
>
> [1] https://lists.gnupg.org/pipermail/gnutls-help/2025-November/004906.html
>
> Signed-off-by: Peter Marko <peter.marko@siemens.com>
> ---

Hi Peter,

Thanks for your patch.

It looks like we got some build issues, at least when building native:

ERROR: gnutls-native-3.8.11-r0 do_compile: Execution of '/srv/pokybuild/yocto-worker/qemux86-tc/build/build-st-2982165/tmp/work/x86_64-linux/gnutls-native/3.8.11/temp/run.do_compile.1834094' failed with exit code 1
...
| In file included from ../../sources/gnutls-3.8.11/lib/audit.h:22,
|                  from ../../sources/gnutls-3.8.11/lib/audit.c:26:
| ../../sources/gnutls-3.8.11/lib/crau/crau.h:255:23: error: missing binary operator before token "("
|   255 |     __has_c_attribute (__maybe_unused__)
|       |                       ^

https://autobuilder.yoctoproject.org/valkyrie/#/builders/28/builds/2721
https://autobuilder.yoctoproject.org/valkyrie/#/builders/63/builds/2632

Can you have a look at what's going on?

Thanks,
Mathieu
Marko, Peter Dec. 3, 2025, 12:15 p.m. UTC | #2 
> -----Original Message-----
> From: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
> Sent: Wednesday, December 3, 2025 13:14
> To: Marko, Peter (FT D EU SK BFS1) <Peter.Marko@siemens.com>;
> openembedded-core@lists.openembedded.org
> Subject: Re: [OE-core][PATCH] gnutls: upgrade 3.8.10 -> 3.8.11
> 
> On Thu Nov 27, 2025 at 12:34 AM CET, Peter Marko via lists.openembedded.org
> wrote:
> > From: Peter Marko <peter.marko@siemens.com>
> >
> > Release information: [1]
> > Includes fix for CVE-2025-9820.
> >
> > Refresh patches.
> >
> > [1] https://lists.gnupg.org/pipermail/gnutls-help/2025-November/004906.html
> >
> > Signed-off-by: Peter Marko <peter.marko@siemens.com>
> > ---
> 
> Hi Peter,
> 
> Thanks for your patch.
> 
> It looks like we got some build issues, at least when building native:
> 
> ERROR: gnutls-native-3.8.11-r0 do_compile: Execution of '/srv/pokybuild/yocto-
> worker/qemux86-tc/build/build-st-2982165/tmp/work/x86_64-linux/gnutls-
> native/3.8.11/temp/run.do_compile.1834094' failed with exit code 1
> ...
> | In file included from ../../sources/gnutls-3.8.11/lib/audit.h:22,
> |                  from ../../sources/gnutls-3.8.11/lib/audit.c:26:
> | ../../sources/gnutls-3.8.11/lib/crau/crau.h:255:23: error: missing binary operator
> before token "("
> |   255 |     __has_c_attribute (__maybe_unused__)
> |       |                       ^
> 
> https://autobuilder.yoctoproject.org/valkyrie/#/builders/28/builds/2721
> https://autobuilder.yoctoproject.org/valkyrie/#/builders/63/builds/2632

Hi Matthieu,

only Debian-11 or more hosts had this problem?

Peter

> 
> Can you have a look at what's going on?
> 
> Thanks,
> Mathieu
> 
> --
> Mathieu Dubois-Briand, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com
Mathieu Dubois-Briand Dec. 3, 2025, 4:22 p.m. UTC | #3 
On Wed Dec 3, 2025 at 1:15 PM CET, Peter Marko wrote:
>
>
>> -----Original Message-----
>> From: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
>> Sent: Wednesday, December 3, 2025 13:14
>> To: Marko, Peter (FT D EU SK BFS1) <Peter.Marko@siemens.com>;
>> openembedded-core@lists.openembedded.org
>> Subject: Re: [OE-core][PATCH] gnutls: upgrade 3.8.10 -> 3.8.11
>> 
>> On Thu Nov 27, 2025 at 12:34 AM CET, Peter Marko via lists.openembedded.org
>> wrote:
>> > From: Peter Marko <peter.marko@siemens.com>
>> >
>> > Release information: [1]
>> > Includes fix for CVE-2025-9820.
>> >
>> > Refresh patches.
>> >
>> > [1] https://lists.gnupg.org/pipermail/gnutls-help/2025-November/004906.html
>> >
>> > Signed-off-by: Peter Marko <peter.marko@siemens.com>
>> > ---
>> 
>> Hi Peter,
>> 
>> Thanks for your patch.
>> 
>> It looks like we got some build issues, at least when building native:
>> 
>> ERROR: gnutls-native-3.8.11-r0 do_compile: Execution of '/srv/pokybuild/yocto-
>> worker/qemux86-tc/build/build-st-2982165/tmp/work/x86_64-linux/gnutls-
>> native/3.8.11/temp/run.do_compile.1834094' failed with exit code 1
>> ...
>> | In file included from ../../sources/gnutls-3.8.11/lib/audit.h:22,
>> |                  from ../../sources/gnutls-3.8.11/lib/audit.c:26:
>> | ../../sources/gnutls-3.8.11/lib/crau/crau.h:255:23: error: missing binary operator
>> before token "("
>> |   255 |     __has_c_attribute (__maybe_unused__)
>> |       |                       ^
>> 
>> https://autobuilder.yoctoproject.org/valkyrie/#/builders/28/builds/2721
>> https://autobuilder.yoctoproject.org/valkyrie/#/builders/63/builds/2632
>
> Hi Matthieu,
>
> only Debian-11 or more hosts had this problem?
>
> Peter
>

It looks like it is indeed only occurring on debian 11. I've launched
two other builds on other workers, and I can't see the issue so far
(build is still in progress).

https://autobuilder.yoctoproject.org/valkyrie/#/builders/28/builds/2724
https://autobuilder.yoctoproject.org/valkyrie/#/builders/63/builds/2635

Thanks,
Mathieu
Marko, Peter Dec. 3, 2025, 7:40 p.m. UTC | #4 
I have backported patch to fix build on Debian 11 and sent a v2.
Peter

> -----Original Message-----
> From: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
> Sent: Wednesday, December 3, 2025 17:23
> To: Marko, Peter (FT D EU SK BFS1) <Peter.Marko@siemens.com>;
> openembedded-core@lists.openembedded.org
> Subject: Re: [OE-core][PATCH] gnutls: upgrade 3.8.10 -> 3.8.11
> 
> On Wed Dec 3, 2025 at 1:15 PM CET, Peter Marko wrote:
> >
> >
> >> -----Original Message-----
> >> From: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
> >> Sent: Wednesday, December 3, 2025 13:14
> >> To: Marko, Peter (FT D EU SK BFS1) <Peter.Marko@siemens.com>;
> >> openembedded-core@lists.openembedded.org
> >> Subject: Re: [OE-core][PATCH] gnutls: upgrade 3.8.10 -> 3.8.11
> >>
> >> On Thu Nov 27, 2025 at 12:34 AM CET, Peter Marko via
> lists.openembedded.org
> >> wrote:
> >> > From: Peter Marko <peter.marko@siemens.com>
> >> >
> >> > Release information: [1]
> >> > Includes fix for CVE-2025-9820.
> >> >
> >> > Refresh patches.
> >> >
> >> > [1] https://lists.gnupg.org/pipermail/gnutls-help/2025-November/004906.html
> >> >
> >> > Signed-off-by: Peter Marko <peter.marko@siemens.com>
> >> > ---
> >>
> >> Hi Peter,
> >>
> >> Thanks for your patch.
> >>
> >> It looks like we got some build issues, at least when building native:
> >>
> >> ERROR: gnutls-native-3.8.11-r0 do_compile: Execution of
> '/srv/pokybuild/yocto-
> >> worker/qemux86-tc/build/build-st-2982165/tmp/work/x86_64-linux/gnutls-
> >> native/3.8.11/temp/run.do_compile.1834094' failed with exit code 1
> >> ...
> >> | In file included from ../../sources/gnutls-3.8.11/lib/audit.h:22,
> >> |                  from ../../sources/gnutls-3.8.11/lib/audit.c:26:
> >> | ../../sources/gnutls-3.8.11/lib/crau/crau.h:255:23: error: missing binary
> operator
> >> before token "("
> >> |   255 |     __has_c_attribute (__maybe_unused__)
> >> |       |                       ^
> >>
> >> https://autobuilder.yoctoproject.org/valkyrie/#/builders/28/builds/2721
> >> https://autobuilder.yoctoproject.org/valkyrie/#/builders/63/builds/2632
> >
> > Hi Matthieu,
> >
> > only Debian-11 or more hosts had this problem?
> >
> > Peter
> >
> 
> It looks like it is indeed only occurring on debian 11. I've launched
> two other builds on other workers, and I can't see the issue so far
> (build is still in progress).
> 
> https://autobuilder.yoctoproject.org/valkyrie/#/builders/28/builds/2724
> https://autobuilder.yoctoproject.org/valkyrie/#/builders/63/builds/2635
> 
> Thanks,
> Mathieu
> 
> --
> Mathieu Dubois-Briand, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com
diff mbox series

Patch

diff --git a/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch b/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch
index 2dccea7859..0847dde8a9 100644
--- a/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch
+++ b/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch
@@ -14,7 +14,7 @@  diff --git a/lib/Makefile.am b/lib/Makefile.am
 index a50d311..193ea19 100644
 --- a/lib/Makefile.am
 +++ b/lib/Makefile.am
-@@ -272,8 +272,7 @@ hmac_file = .libs/.$(gnutls_so).hmac
+@@ -275,8 +275,7 @@ hmac_file = .libs/.$(gnutls_so).hmac
  
  all-local: $(hmac_file)
  
diff --git a/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch b/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch
index 339d3d2f9e..d8b5035b38 100644
--- a/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch
+++ b/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch
@@ -15,7 +15,7 @@  diff --git a/Makefile.am b/Makefile.am
 index 843193f..816b09f 100644
 --- a/Makefile.am
 +++ b/Makefile.am
-@@ -194,6 +194,9 @@ dist-hook:
+@@ -197,6 +197,9 @@ dist-hook:
  distcheck-hook:
  	@test -d "$(top_srcdir)/po/.reference" || { echo "PO files are not downloaded; run ./bootstrap without --skip-po"; exit 1; }
  
@@ -29,7 +29,7 @@  diff --git a/configure.ac b/configure.ac
 index 1744813..efb9e34 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -1491,6 +1491,8 @@ AC_SUBST(LIBGNUTLS_CFLAGS)
+@@ -1447,6 +1447,8 @@ AC_SUBST(LIBGNUTLS_CFLAGS)
  
  AM_CONDITIONAL(NEEDS_LIBRT, test "$gnutls_needs_librt" = "yes")
  
@@ -42,7 +42,7 @@  diff --git a/tests/Makefile.am b/tests/Makefile.am
 index 189d068..8430b05 100644
 --- a/tests/Makefile.am
 +++ b/tests/Makefile.am
-@@ -678,6 +678,12 @@ SH_LOG_COMPILER = $(SHELL)
+@@ -719,6 +719,12 @@ SH_LOG_COMPILER = $(SHELL)
  AM_VALGRINDFLAGS = --suppressions=$(srcdir)/suppressions.valgrind
  LOG_COMPILER = $(LOG_VALGRIND)
  
diff --git a/meta/recipes-support/gnutls/gnutls_3.8.10.bb b/meta/recipes-support/gnutls/gnutls_3.8.11.bb
similarity index 97%
rename from meta/recipes-support/gnutls/gnutls_3.8.10.bb
rename to meta/recipes-support/gnutls/gnutls_3.8.11.bb
index 2ef71a1213..7fee64080b 100644
--- a/meta/recipes-support/gnutls/gnutls_3.8.10.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.8.11.bb
@@ -25,7 +25,7 @@  SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar
            file://Add-ptest-support.patch \
            "
 
-SRC_URI[sha256sum] = "db7fab7cce791e7727ebbef2334301c821d79a550ec55c9ef096b610b03eb6b7"
+SRC_URI[sha256sum] = "91bd23c4a86ebc6152e81303d20cf6ceaeb97bc8f84266d0faec6e29f17baa20"
 
 inherit autotools texinfo pkgconfig gettext lib_package gtk-doc ptest