@@ -1,4 +1,4 @@
-From 7be8ec59a53e93c2bd453b3ba2d63d1b300ef11f Mon Sep 17 00:00:00 2001
+From c4f6cb380471b5e5478ae6f7f8c5604a6a64ec1c Mon Sep 17 00:00:00 2001
From: Lei Maohui <leimaohui@fujitsu.com>
Date: Mon, 23 May 2022 10:44:43 +0900
Subject: [PATCH] Creating .hmac file should be excuted in target environment,
deleted file mode 100644
@@ -1,269 +0,0 @@
-From 2d73d945c4b1dfcf8d2328c4d23187d62ffaab2d Mon Sep 17 00:00:00 2001
-From: Zoltan Fridrich <zfridric@redhat.com>
-Date: Wed, 10 Apr 2024 12:51:33 +0200
-Subject: [PATCH] Fix RSAES-PKCS1-v1_5 system-wide configuration
-
-Upstream-Status: Backport [expected for 3.8.6 https://gitlab.com/gnutls/gnutls/-/merge_requests/1830?commit_id=2d73d945c4b1dfcf8d2328c4d23187d62ffaab2d]
-
-Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
-Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
----
- lib/priority.c | 125 +++++++++++-------
- ...system-override-allow-rsa-pkcs1-encrypt.sh | 27 +++-
- 2 files changed, 96 insertions(+), 56 deletions(-)
-
-diff --git a/lib/priority.c b/lib/priority.c
-index 8abe00d1ff..3434619aad 100644
---- a/lib/priority.c
-+++ b/lib/priority.c
-@@ -1018,6 +1018,12 @@ struct cfg {
- bool force_ext_master_secret_set;
- };
-
-+static inline void cfg_init(struct cfg *cfg)
-+{
-+ memset(cfg, 0, sizeof(*cfg));
-+ cfg->allow_rsa_pkcs1_encrypt = true;
-+}
-+
- static inline void cfg_deinit(struct cfg *cfg)
- {
- if (cfg->priority_strings) {
-@@ -1095,6 +1101,12 @@ struct ini_ctx {
- size_t curves_size;
- };
-
-+static inline void ini_ctx_init(struct ini_ctx *ctx)
-+{
-+ memset(ctx, 0, sizeof(*ctx));
-+ cfg_init(&ctx->cfg);
-+}
-+
- static inline void ini_ctx_deinit(struct ini_ctx *ctx)
- {
- cfg_deinit(&ctx->cfg);
-@@ -1423,9 +1435,6 @@ static inline int cfg_apply(struct cfg *cfg, struct ini_ctx *ctx)
- _gnutls_default_priority_string = cfg->default_priority_string;
- }
-
-- /* enable RSA-PKCS1-V1_5 by default */
-- cfg->allow_rsa_pkcs1_encrypt = true;
--
- if (cfg->allowlisting) {
- /* also updates `flags` of global `hash_algorithms[]` */
- ret = cfg_hashes_set_array(cfg, ctx->hashes, ctx->hashes_size);
-@@ -2217,22 +2226,73 @@ update_system_wide_priority_string(void)
- return 0;
- }
-
-+/* Returns false on parse error, otherwise true.
-+ * The system_wide_config must be locked for writing.
-+ */
-+static inline bool load_system_priority_file(void)
-+{
-+ int err;
-+ FILE *fp;
-+ struct ini_ctx ctx;
-+
-+ cfg_init(&system_wide_config);
-+
-+ fp = fopen(system_priority_file, "re");
-+ if (fp == NULL) {
-+ _gnutls_debug_log("cfg: unable to open: %s: %d\n",
-+ system_priority_file, errno);
-+ return true;
-+ }
-+
-+ /* Parsing the configuration file needs to be done in 2 phases:
-+ * first parsing the [global] section
-+ * and then the other sections,
-+ * because the [global] section modifies the parsing behavior.
-+ */
-+ ini_ctx_init(&ctx);
-+ err = ini_parse_file(fp, global_ini_handler, &ctx);
-+ if (!err) {
-+ if (fseek(fp, 0L, SEEK_SET) < 0) {
-+ _gnutls_debug_log("cfg: unable to rewind: %s\n",
-+ system_priority_file);
-+ if (fail_on_invalid_config)
-+ exit(1);
-+ }
-+ err = ini_parse_file(fp, cfg_ini_handler, &ctx);
-+ }
-+ fclose(fp);
-+ if (err) {
-+ ini_ctx_deinit(&ctx);
-+ _gnutls_debug_log("cfg: unable to parse: %s: %d\n",
-+ system_priority_file, err);
-+ return false;
-+ }
-+ cfg_apply(&system_wide_config, &ctx);
-+ ini_ctx_deinit(&ctx);
-+ return true;
-+}
-+
- static int _gnutls_update_system_priorities(bool defer_system_wide)
- {
-- int ret, err = 0;
-+ int ret;
-+ bool config_parse_error = false;
- struct stat sb;
-- FILE *fp;
- gnutls_buffer_st buf;
-- struct ini_ctx ctx;
-
- ret = gnutls_rwlock_rdlock(&system_wide_config_rwlock);
-- if (ret < 0) {
-+ if (ret < 0)
- return gnutls_assert_val(ret);
-- }
-
- if (stat(system_priority_file, &sb) < 0) {
- _gnutls_debug_log("cfg: unable to access: %s: %d\n",
- system_priority_file, errno);
-+
-+ (void)gnutls_rwlock_unlock(&system_wide_config_rwlock);
-+ ret = gnutls_rwlock_wrlock(&system_wide_config_rwlock);
-+ if (ret < 0)
-+ goto out;
-+ /* If system-wide config is unavailable, apply the defaults */
-+ cfg_init(&system_wide_config);
- goto out;
- }
-
-@@ -2240,63 +2300,27 @@ static int _gnutls_update_system_priorities(bool defer_system_wide)
- system_priority_last_mod == sb.st_mtime) {
- _gnutls_debug_log("cfg: system priority %s has not changed\n",
- system_priority_file);
-- if (system_wide_config.priority_string) {
-+ if (system_wide_config.priority_string)
- goto out; /* nothing to do */
-- }
- }
-
- (void)gnutls_rwlock_unlock(&system_wide_config_rwlock);
-
- ret = gnutls_rwlock_wrlock(&system_wide_config_rwlock);
-- if (ret < 0) {
-+ if (ret < 0)
- return gnutls_assert_val(ret);
-- }
-
- /* Another thread could have successfully re-read system-wide config,
- * skip re-reading if the mtime it has used is exactly the same.
- */
-- if (system_priority_file_loaded) {
-+ if (system_priority_file_loaded)
- system_priority_file_loaded =
- (system_priority_last_mod == sb.st_mtime);
-- }
-
- if (!system_priority_file_loaded) {
-- _name_val_array_clear(&system_wide_config.priority_strings);
--
-- gnutls_free(system_wide_config.priority_string);
-- system_wide_config.priority_string = NULL;
--
-- fp = fopen(system_priority_file, "re");
-- if (fp == NULL) {
-- _gnutls_debug_log("cfg: unable to open: %s: %d\n",
-- system_priority_file, errno);
-+ config_parse_error = !load_system_priority_file();
-+ if (config_parse_error)
- goto out;
-- }
-- /* Parsing the configuration file needs to be done in 2 phases:
-- * first parsing the [global] section
-- * and then the other sections,
-- * because the [global] section modifies the parsing behavior.
-- */
-- memset(&ctx, 0, sizeof(ctx));
-- err = ini_parse_file(fp, global_ini_handler, &ctx);
-- if (!err) {
-- if (fseek(fp, 0L, SEEK_SET) < 0) {
-- _gnutls_debug_log("cfg: unable to rewind: %s\n",
-- system_priority_file);
-- if (fail_on_invalid_config)
-- exit(1);
-- }
-- err = ini_parse_file(fp, cfg_ini_handler, &ctx);
-- }
-- fclose(fp);
-- if (err) {
-- ini_ctx_deinit(&ctx);
-- _gnutls_debug_log("cfg: unable to parse: %s: %d\n",
-- system_priority_file, err);
-- goto out;
-- }
-- cfg_apply(&system_wide_config, &ctx);
-- ini_ctx_deinit(&ctx);
- _gnutls_debug_log("cfg: loaded system config %s mtime %lld\n",
- system_priority_file,
- (unsigned long long)sb.st_mtime);
-@@ -2332,9 +2356,8 @@ static int _gnutls_update_system_priorities(bool defer_system_wide)
- out:
- (void)gnutls_rwlock_unlock(&system_wide_config_rwlock);
-
-- if (err && fail_on_invalid_config) {
-+ if (config_parse_error && fail_on_invalid_config)
- exit(1);
-- }
-
- return ret;
- }
-diff --git a/tests/system-override-allow-rsa-pkcs1-encrypt.sh b/tests/system-override-allow-rsa-pkcs1-encrypt.sh
-index b7d477c96e..714d0af946 100755
---- a/tests/system-override-allow-rsa-pkcs1-encrypt.sh
-+++ b/tests/system-override-allow-rsa-pkcs1-encrypt.sh
-@@ -19,9 +19,8 @@
- # You should have received a copy of the GNU Lesser General Public License
- # along with this program. If not, see <https://www.gnu.org/licenses/>
-
--: ${srcdir=.}
--TEST=${srcdir}/rsaes-pkcs1-v1_5
--CONF=${srcdir}/config.$$.tmp
-+TEST=${builddir}/rsaes-pkcs1-v1_5
-+CONF=config.$$.tmp
- export GNUTLS_SYSTEM_PRIORITY_FILE=${CONF}
- export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1
-
-@@ -38,15 +37,33 @@ cat <<_EOF_ > ${CONF}
- allow-rsa-pkcs1-encrypt = true
- _EOF_
-
--${TEST} && fail "RSAES-PKCS1-v1_5 expected to succeed"
-+${TEST}
-+if [ $? != 0 ]; then
-+ echo "${TEST} expected to succeed"
-+ exit 1
-+fi
-+echo "RSAES-PKCS1-v1_5 successfully enabled"
-
- cat <<_EOF_ > ${CONF}
- [overrides]
- allow-rsa-pkcs1-encrypt = false
- _EOF_
-
--${TEST} || fail "RSAES-PKCS1-v1_5 expected to fail"
-+${TEST}
-+if [ $? = 0 ]; then
-+ echo "${TEST} expected to fail"
-+ exit 1
-+fi
-+echo "RSAES-PKCS1-v1_5 successfully disabled"
-
- unset GNUTLS_SYSTEM_PRIORITY_FILE
- unset GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID
-+
-+${TEST}
-+if [ $? != 0 ]; then
-+ echo "${TEST} expected to succeed by default"
-+ exit 1
-+fi
-+echo "RSAES-PKCS1-v1_5 successfully enabled by default"
-+
- exit 0
-GitLab
-
-
@@ -1,4 +1,4 @@
-From bfa70adcbda4e505cf2e597907852e78e0439ee2 Mon Sep 17 00:00:00 2001
+From 6abc86acecff5a30173eb78a971ec5b65f77e1de Mon Sep 17 00:00:00 2001
From: Ravineet Singh <ravineet.a.singh@est.tech>
Date: Tue, 10 Jan 2023 16:11:10 +0100
Subject: [PATCH] gnutls: add ptest support
@@ -26,10 +26,10 @@ index 843193f..816b09f 100644
include $(top_srcdir)/cligen/cligen.mk
diff --git a/configure.ac b/configure.ac
-index 934377e..4406eae 100644
+index 1744813..efb9e34 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -1213,6 +1213,8 @@ AC_SUBST(LIBGNUTLS_CFLAGS)
+@@ -1226,6 +1226,8 @@ AC_SUBST(LIBGNUTLS_CFLAGS)
AM_CONDITIONAL(NEEDS_LIBRT, test "$gnutls_needs_librt" = "yes")
@@ -39,10 +39,10 @@ index 934377e..4406eae 100644
hw_features=
diff --git a/tests/Makefile.am b/tests/Makefile.am
-index e39a3b3..861dd63 100644
+index 189d068..8430b05 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
-@@ -663,6 +663,12 @@ SH_LOG_COMPILER = $(SHELL)
+@@ -668,6 +668,12 @@ SH_LOG_COMPILER = $(SHELL)
AM_VALGRINDFLAGS = --suppressions=$(srcdir)/suppressions.valgrind
LOG_COMPILER = $(LOG_VALGRIND)
@@ -1,4 +1,4 @@
-From d17ae0ef31c3c186766a338e8c40c87d1b98820e Mon Sep 17 00:00:00 2001
+From 46b3079095c5ceb0dc742785853bbaf288f325c6 Mon Sep 17 00:00:00 2001
From: Joe Slater <jslater@windriver.com>
Date: Wed, 25 Jan 2017 13:52:59 -0800
Subject: [PATCH] gnutls: account for ARM_EABI
similarity index 95%
rename from meta/recipes-support/gnutls/gnutls_3.8.5.bb
rename to meta/recipes-support/gnutls/gnutls_3.8.6.bb
@@ -21,12 +21,11 @@ SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz \
file://arm_eabi.patch \
file://0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch \
- file://0001-Fix-RSAES-PKCS1-v1_5-system-wide-configuration.patch \
file://run-ptest \
file://Add-ptest-support.patch \
"
-SRC_URI[sha256sum] = "66269a2cfe0e1c2dabec87bdbbd8ab656f396edd9a40dd006978e003cfa52bfc"
+SRC_URI[sha256sum] = "2e1588aae53cb32d43937f1f4eca28febd9c0c7aa1734fc5dd61a7e81e0ebcdd"
inherit autotools texinfo pkgconfig gettext lib_package gtk-doc ptest
Hello, this email is a notification from the Auto Upgrade Helper that the automatic attempt to upgrade the recipe *gnutls* to *3.8.6* has Succeeded. Next steps: - apply the patch: git am 0001-gnutls-upgrade-3.8.5-3.8.6.patch - check the changes to upstream patches and summarize them in the commit message, - compile an image that contains the package - perform some basic sanity tests - amend the patch and sign it off: git commit -s --reset-author --amend - send it to the appropriate mailing list Alternatively, if you believe the recipe should not be upgraded at this time, you can fill RECIPE_NO_UPDATE_REASON in respective recipe file so that automatic upgrades would no longer be attempted. Please review the attached files for further information and build/update failures. Any problem please file a bug at https://bugzilla.yoctoproject.org/enter_bug.cgi?product=Automated%20Update%20Handler Regards, The Upgrade Helper -- >8 -- From b46509687349d6bdd492ab88a212d19eb402fbad Mon Sep 17 00:00:00 2001 From: Upgrade Helper <auh@yoctoproject.org> Date: Mon, 15 Jul 2024 18:49:36 +0000 Subject: [PATCH] gnutls: upgrade 3.8.5 -> 3.8.6 --- ...ile-should-be-excuted-in-target-envi.patch | 2 +- ...PKCS1-v1_5-system-wide-configuration.patch | 269 ------------------ .../gnutls/gnutls/Add-ptest-support.patch | 10 +- .../gnutls/gnutls/arm_eabi.patch | 2 +- .../{gnutls_3.8.5.bb => gnutls_3.8.6.bb} | 3 +- 5 files changed, 8 insertions(+), 278 deletions(-) delete mode 100644 meta/recipes-support/gnutls/gnutls/0001-Fix-RSAES-PKCS1-v1_5-system-wide-configuration.patch rename meta/recipes-support/gnutls/{gnutls_3.8.5.bb => gnutls_3.8.6.bb} (95%)