From patchwork Mon Jul 15 19:19:08 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: auh@yoctoproject.org
X-Patchwork-Id: 46426
From: auh@yoctoproject.org
To: =?utf-8?q?Simone_Wei=C3=9F_=3Csimone=2Ep=2Eweiss=40posteo=2Enet=3E?= @yoctoproject.org
Cc: openembedded-core@lists.openembedded.org
Subject: [AUH] gnutls: upgrading to 3.8.6 SUCCEEDED
Message-ID: <01010190b7d59e98-f1866455-80b5-4027-ae60-3de39cf2f63e-000000@us-west-2.amazonses.com>
Date: Mon, 15 Jul 2024 19:19:08 +0000
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/202051

Hello,

this email is a notification from the Auto Upgrade Helper
that the automatic attempt to upgrade the recipe *gnutls* to *3.8.6* has Succeeded.

Next steps:
    - apply the patch: git am 0001-gnutls-upgrade-3.8.5-3.8.6.patch
    - check the changes to upstream patches and summarize them in the commit message,
    - compile an image that contains the package
    - perform some basic sanity tests
    - amend the patch and sign it off: git commit -s --reset-author --amend
    - send it to the appropriate mailing list

Alternatively, if you believe the recipe should not be upgraded at this time,
you can fill RECIPE_NO_UPDATE_REASON in the respective recipe file so that
automatic upgrades would no longer be attempted.

Please review the attached files for further information and build/update failures.
For any problem, please file a bug at
https://bugzilla.yoctoproject.org/enter_bug.cgi?product=Automated%20Update%20Handler

Regards,
The Upgrade Helper

-- >8 --
From b46509687349d6bdd492ab88a212d19eb402fbad Mon Sep 17 00:00:00 2001
From: Upgrade Helper Date: Mon, 15 Jul 2024 18:49:36 +0000 Subject: [PATCH] gnutls: upgrade 3.8.5 -> 3.8.6 --- ...ile-should-be-excuted-in-target-envi.patch | 2 +- ...PKCS1-v1_5-system-wide-configuration.patch | 269 ------------------ .../gnutls/gnutls/Add-ptest-support.patch | 10 +- .../gnutls/gnutls/arm_eabi.patch | 2 +- .../{gnutls_3.8.5.bb => gnutls_3.8.6.bb} | 3 +- 5 files changed, 8 insertions(+), 278 deletions(-) delete mode 100644 meta/recipes-support/gnutls/gnutls/0001-Fix-RSAES-PKCS1-v1_5-system-wide-configuration.patch rename meta/recipes-support/gnutls/{gnutls_3.8.5.bb => gnutls_3.8.6.bb} (95%) diff --git a/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch b/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch index d13bfee8ef..59824d35f1 100644 --- a/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch +++ b/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch @@ -1,4 +1,4 @@ -From 7be8ec59a53e93c2bd453b3ba2d63d1b300ef11f Mon Sep 17 00:00:00 2001 +From c4f6cb380471b5e5478ae6f7f8c5604a6a64ec1c Mon Sep 17 00:00:00 2001 From: Lei Maohui Date: Mon, 23 May 2022 10:44:43 +0900 Subject: [PATCH] Creating .hmac file should be excuted in target environment, diff --git a/meta/recipes-support/gnutls/gnutls/0001-Fix-RSAES-PKCS1-v1_5-system-wide-configuration.patch b/meta/recipes-support/gnutls/gnutls/0001-Fix-RSAES-PKCS1-v1_5-system-wide-configuration.patch deleted file mode 100644 index cc39f5c9a5..0000000000 --- a/meta/recipes-support/gnutls/gnutls/0001-Fix-RSAES-PKCS1-v1_5-system-wide-configuration.patch +++ /dev/null 
@@ -1,269 +0,0 @@ -From 2d73d945c4b1dfcf8d2328c4d23187d62ffaab2d Mon Sep 17 00:00:00 2001 -From: Zoltan Fridrich -Date: Wed, 10 Apr 2024 12:51:33 +0200 -Subject: [PATCH] Fix RSAES-PKCS1-v1_5 system-wide configuration - -Upstream-Status: Backport [expected for 3.8.6 https://gitlab.com/gnutls/gnutls/-/merge_requests/1830?commit_id=2d73d945c4b1dfcf8d2328c4d23187d62ffaab2d] - -Signed-off-by: Simone Weiß -Signed-off-by: Zoltan Fridrich ---- - lib/priority.c | 125 +++++++++++------- - ...system-override-allow-rsa-pkcs1-encrypt.sh | 27 +++- - 2 files changed, 96 insertions(+), 56 deletions(-) - -diff --git a/lib/priority.c b/lib/priority.c -index 8abe00d1ff..3434619aad 100644 ---- a/lib/priority.c -+++ b/lib/priority.c -@@ -1018,6 +1018,12 @@ struct cfg { - bool force_ext_master_secret_set; - }; - -+static inline void cfg_init(struct cfg *cfg) -+{ -+ memset(cfg, 0, sizeof(*cfg)); -+ cfg->allow_rsa_pkcs1_encrypt = true; -+} -+ - static inline void cfg_deinit(struct cfg *cfg) - { - if (cfg->priority_strings) { -@@ -1095,6 +1101,12 @@ struct ini_ctx { - size_t curves_size; - }; - -+static inline void ini_ctx_init(struct ini_ctx *ctx) -+{ -+ memset(ctx, 0, sizeof(*ctx)); -+ cfg_init(&ctx->cfg); -+} -+ - static inline void ini_ctx_deinit(struct ini_ctx *ctx) - { - cfg_deinit(&ctx->cfg); -@@ -1423,9 +1435,6 @@ static inline int cfg_apply(struct cfg *cfg, struct ini_ctx *ctx) - _gnutls_default_priority_string = cfg->default_priority_string; - } - -- /* enable RSA-PKCS1-V1_5 by default */ -- cfg->allow_rsa_pkcs1_encrypt = true; -- - if (cfg->allowlisting) { - /* also updates `flags` of global `hash_algorithms[]` */ - ret = cfg_hashes_set_array(cfg, ctx->hashes, ctx->hashes_size); -@@ -2217,22 +2226,73 @@ update_system_wide_priority_string(void) - return 0; - } - -+/* Returns false on parse error, otherwise true. -+ * The system_wide_config must be locked for writing. 
-+ */ -+static inline bool load_system_priority_file(void) -+{ -+ int err; -+ FILE *fp; -+ struct ini_ctx ctx; -+ -+ cfg_init(&system_wide_config); -+ -+ fp = fopen(system_priority_file, "re"); -+ if (fp == NULL) { -+ _gnutls_debug_log("cfg: unable to open: %s: %d\n", -+ system_priority_file, errno); -+ return true; -+ } -+ -+ /* Parsing the configuration file needs to be done in 2 phases: -+ * first parsing the [global] section -+ * and then the other sections, -+ * because the [global] section modifies the parsing behavior. -+ */ -+ ini_ctx_init(&ctx); -+ err = ini_parse_file(fp, global_ini_handler, &ctx); -+ if (!err) { -+ if (fseek(fp, 0L, SEEK_SET) < 0) { -+ _gnutls_debug_log("cfg: unable to rewind: %s\n", -+ system_priority_file); -+ if (fail_on_invalid_config) -+ exit(1); -+ } -+ err = ini_parse_file(fp, cfg_ini_handler, &ctx); -+ } -+ fclose(fp); -+ if (err) { -+ ini_ctx_deinit(&ctx); -+ _gnutls_debug_log("cfg: unable to parse: %s: %d\n", -+ system_priority_file, err); -+ return false; -+ } -+ cfg_apply(&system_wide_config, &ctx); -+ ini_ctx_deinit(&ctx); -+ return true; -+} -+ - static int _gnutls_update_system_priorities(bool defer_system_wide) - { -- int ret, err = 0; -+ int ret; -+ bool config_parse_error = false; - struct stat sb; -- FILE *fp; - gnutls_buffer_st buf; -- struct ini_ctx ctx; - - ret = gnutls_rwlock_rdlock(&system_wide_config_rwlock); -- if (ret < 0) { -+ if (ret < 0) - return gnutls_assert_val(ret); -- } - - if (stat(system_priority_file, &sb) < 0) { - _gnutls_debug_log("cfg: unable to access: %s: %d\n", - system_priority_file, errno); -+ -+ (void)gnutls_rwlock_unlock(&system_wide_config_rwlock); -+ ret = gnutls_rwlock_wrlock(&system_wide_config_rwlock); -+ if (ret < 0) -+ goto out; -+ /* If system-wide config is unavailable, apply the defaults */ -+ cfg_init(&system_wide_config); - goto out; - } - -@@ -2240,63 +2300,27 @@ static int _gnutls_update_system_priorities(bool defer_system_wide) - system_priority_last_mod == sb.st_mtime) { - 
_gnutls_debug_log("cfg: system priority %s has not changed\n", - system_priority_file); -- if (system_wide_config.priority_string) { -+ if (system_wide_config.priority_string) - goto out; /* nothing to do */ -- } - } - - (void)gnutls_rwlock_unlock(&system_wide_config_rwlock); - - ret = gnutls_rwlock_wrlock(&system_wide_config_rwlock); -- if (ret < 0) { -+ if (ret < 0) - return gnutls_assert_val(ret); -- } - - /* Another thread could have successfully re-read system-wide config, - * skip re-reading if the mtime it has used is exactly the same. - */ -- if (system_priority_file_loaded) { -+ if (system_priority_file_loaded) - system_priority_file_loaded = - (system_priority_last_mod == sb.st_mtime); -- } - - if (!system_priority_file_loaded) { -- _name_val_array_clear(&system_wide_config.priority_strings); -- -- gnutls_free(system_wide_config.priority_string); -- system_wide_config.priority_string = NULL; -- -- fp = fopen(system_priority_file, "re"); -- if (fp == NULL) { -- _gnutls_debug_log("cfg: unable to open: %s: %d\n", -- system_priority_file, errno); -+ config_parse_error = !load_system_priority_file(); -+ if (config_parse_error) - goto out; -- } -- /* Parsing the configuration file needs to be done in 2 phases: -- * first parsing the [global] section -- * and then the other sections, -- * because the [global] section modifies the parsing behavior. 
-- */ -- memset(&ctx, 0, sizeof(ctx)); -- err = ini_parse_file(fp, global_ini_handler, &ctx); -- if (!err) { -- if (fseek(fp, 0L, SEEK_SET) < 0) { -- _gnutls_debug_log("cfg: unable to rewind: %s\n", -- system_priority_file); -- if (fail_on_invalid_config) -- exit(1); -- } -- err = ini_parse_file(fp, cfg_ini_handler, &ctx); -- } -- fclose(fp); -- if (err) { -- ini_ctx_deinit(&ctx); -- _gnutls_debug_log("cfg: unable to parse: %s: %d\n", -- system_priority_file, err); -- goto out; -- } -- cfg_apply(&system_wide_config, &ctx); -- ini_ctx_deinit(&ctx); - _gnutls_debug_log("cfg: loaded system config %s mtime %lld\n", - system_priority_file, - (unsigned long long)sb.st_mtime); -@@ -2332,9 +2356,8 @@ static int _gnutls_update_system_priorities(bool defer_system_wide) - out: - (void)gnutls_rwlock_unlock(&system_wide_config_rwlock); - -- if (err && fail_on_invalid_config) { -+ if (config_parse_error && fail_on_invalid_config) - exit(1); -- } - - return ret; - } -diff --git a/tests/system-override-allow-rsa-pkcs1-encrypt.sh b/tests/system-override-allow-rsa-pkcs1-encrypt.sh -index b7d477c96e..714d0af946 100755 ---- a/tests/system-override-allow-rsa-pkcs1-encrypt.sh -+++ b/tests/system-override-allow-rsa-pkcs1-encrypt.sh -@@ -19,9 +19,8 @@ - # You should have received a copy of the GNU Lesser General Public License - # along with this program. If not, see - --: ${srcdir=.} --TEST=${srcdir}/rsaes-pkcs1-v1_5 --CONF=${srcdir}/config.$$.tmp -+TEST=${builddir}/rsaes-pkcs1-v1_5 -+CONF=config.$$.tmp - export GNUTLS_SYSTEM_PRIORITY_FILE=${CONF} - export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 - -@@ -38,15 +37,33 @@ cat <<_EOF_ > ${CONF} - allow-rsa-pkcs1-encrypt = true - _EOF_ - --${TEST} && fail "RSAES-PKCS1-v1_5 expected to succeed" -+${TEST} -+if [ $? 
!= 0 ]; then -+ echo "${TEST} expected to succeed" -+ exit 1 -+fi -+echo "RSAES-PKCS1-v1_5 successfully enabled" - - cat <<_EOF_ > ${CONF} - [overrides] - allow-rsa-pkcs1-encrypt = false - _EOF_ - --${TEST} || fail "RSAES-PKCS1-v1_5 expected to fail" -+${TEST} -+if [ $? = 0 ]; then -+ echo "${TEST} expected to fail" -+ exit 1 -+fi -+echo "RSAES-PKCS1-v1_5 successfully disabled" - - unset GNUTLS_SYSTEM_PRIORITY_FILE - unset GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID -+ -+${TEST} -+if [ $? != 0 ]; then -+ echo "${TEST} expected to succeed by default" -+ exit 1 -+fi -+echo "RSAES-PKCS1-v1_5 successfully enabled by default" -+ - exit 0 --- -GitLab - - diff --git a/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch b/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch index 8edd31d6b9..8e4df7b37e 100644 --- a/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch +++ b/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch @@ -1,4 +1,4 @@ -From bfa70adcbda4e505cf2e597907852e78e0439ee2 Mon Sep 17 00:00:00 2001 +From 6abc86acecff5a30173eb78a971ec5b65f77e1de Mon Sep 17 00:00:00 2001 From: Ravineet Singh Date: Tue, 10 Jan 2023 16:11:10 +0100 Subject: [PATCH] gnutls: add ptest support @@ -26,10 +26,10 @@ index 843193f..816b09f 100644 include $(top_srcdir)/cligen/cligen.mk diff --git a/configure.ac b/configure.ac -index 934377e..4406eae 100644 +index 1744813..efb9e34 100644 --- a/configure.ac +++ b/configure.ac -@@ -1213,6 +1213,8 @@ AC_SUBST(LIBGNUTLS_CFLAGS) +@@ -1226,6 +1226,8 @@ AC_SUBST(LIBGNUTLS_CFLAGS) AM_CONDITIONAL(NEEDS_LIBRT, test "$gnutls_needs_librt" = "yes") @@ -39,10 +39,10 @@ index 934377e..4406eae 100644 hw_features= diff --git a/tests/Makefile.am b/tests/Makefile.am -index e39a3b3..861dd63 100644 +index 189d068..8430b05 100644 --- a/tests/Makefile.am 
+++ b/tests/Makefile.am -@@ -663,6 +663,12 @@ SH_LOG_COMPILER = $(SHELL) +@@ -668,6 +668,12 @@ SH_LOG_COMPILER = $(SHELL) AM_VALGRINDFLAGS = --suppressions=$(srcdir)/suppressions.valgrind LOG_COMPILER = $(LOG_VALGRIND) diff --git a/meta/recipes-support/gnutls/gnutls/arm_eabi.patch b/meta/recipes-support/gnutls/gnutls/arm_eabi.patch index 883d0123db..d493448aab 100644 --- a/meta/recipes-support/gnutls/gnutls/arm_eabi.patch +++ b/meta/recipes-support/gnutls/gnutls/arm_eabi.patch @@ -1,4 +1,4 @@ -From d17ae0ef31c3c186766a338e8c40c87d1b98820e Mon Sep 17 00:00:00 2001 +From 46b3079095c5ceb0dc742785853bbaf288f325c6 Mon Sep 17 00:00:00 2001 From: Joe Slater Date: Wed, 25 Jan 2017 13:52:59 -0800 Subject: [PATCH] gnutls: account for ARM_EABI diff --git a/meta/recipes-support/gnutls/gnutls_3.8.5.bb b/meta/recipes-support/gnutls/gnutls_3.8.6.bb similarity index 95% rename from meta/recipes-support/gnutls/gnutls_3.8.5.bb rename to meta/recipes-support/gnutls/gnutls_3.8.6.bb index 52a1c00c4a..37d12fb5ea 100644 --- a/meta/recipes-support/gnutls/gnutls_3.8.5.bb +++ b/meta/recipes-support/gnutls/gnutls_3.8.6.bb @@ -21,12 +21,11 @@ SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}" SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz \ file://arm_eabi.patch \ file://0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch \ - file://0001-Fix-RSAES-PKCS1-v1_5-system-wide-configuration.patch \ file://run-ptest \ file://Add-ptest-support.patch \ " -SRC_URI[sha256sum] = "66269a2cfe0e1c2dabec87bdbbd8ab656f396edd9a40dd006978e003cfa52bfc" +SRC_URI[sha256sum] = "2e1588aae53cb32d43937f1f4eca28febd9c0c7aa1734fc5dd61a7e81e0ebcdd" inherit autotools texinfo pkgconfig gettext lib_package gtk-doc ptest
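
Review bot: The commit message for "gnutls: upgrade 3.8.5 -> 3.8.6" goes straight from the Subject line to the diffstat, with no body and no Signed-off-by, so nothing records why 0001-Fix-RSAES-PKCS1-v1_5-system-wide-configuration.patch is deleted and dropped from SRC_URI. Add a sentence stating that the backport is removed because the fix is part of 3.8.6, note that the remaining three patches were only refreshed, and sign off with git commit -s --reset-author --amend as the notification asks.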
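
Review bot: In the deletion of 0001-Fix-RSAES-PKCS1-v1_5-system-wide-configuration.patch, the removed Upstream-Status line says only "expected for 3.8.6", which was a prediction made when the backport was added, not a confirmation. Before accepting the removal, check that lib/priority.c in the 3.8.6 tarball contains cfg_init() setting allow_rsa_pkcs1_encrypt = true and load_system_priority_file(), and run tests/system-override-allow-rsa-pkcs1-encrypt.sh through ptest on the built image; if the fix were missing, the system-wide allow-rsa-pkcs1-encrypt override this patch corrected would regress without any build failure.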
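
Review bot: In the gnutls_3.8.6.bb hunk, the new SRC_URI[sha256sum] value comes from the automated upgrade run, and within the visible hunk it is the only value pinning the gnutls-${PV}.tar.xz fetched from www.gnupg.org. Before signing off, download the tarball independently, verify it against upstream's release signature, and confirm that its SHA-256 matches the value in the recipe.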