Fixes:
CVE-2014-8564 / GNUTLS-SA-2014-5 - Sean Burford reported that the
encoding of elliptic curves parameters GnuTLS 3 is vulnerable to a
denial of service (heap corruption). It affects clients and servers
which print information about the peer's certificate, e.g., the key ID,
and can be exploited via a specially crafted X.509 certificate.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_CONF_OPT.
Sed command used:
find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g'
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The configure script finds libz in the distribution libraries, which causes
zlib support to be dropped from the cross-compiled GnuTLS.
Signed-off-by: Antoine Pierlot-Garcin <antoine@bokbox.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
gnutls-01-gettime.patch was applied upstream, AUTORECONF is no longer
necessary.
The GNUTLS_LIBREGEX_CHECK_FIX didn't actually work before, because it was
overwritten by the autoreconf. It looks like things still work without
regex. However, this patch reinstates the regex support by setting
libopts_cv_with_libregex=yes in the environment.
Fixes http://autobuild.buildroot.net/results/b22/b22f2caa79f371c625939b65a88a2073382c5288
(failure in libvncserver) because gnutls.so is now properly linked with -lrt.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Following the recent bump of gnutls to version 3.2.8, the build
started to fail on some machines where libopts is installed on the
system: gnutls configure script was incorrectly assuming that libopts
was available.
Since we don't have a package in Buildroot, this commit tells gnutls
to use its builtin libopts version.
Fixes (tested on gcc20):
http://autobuild.buildroot.org/results/18f/18f61b3be6aed73f83b449b5082492a4a6ba8ffb/build-end.log
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
In the Config.in file of package foo, it often happens that there are other
symbols besides BR2_PACKAGE_FOO. Typically, these symbols only make sense
when foo itself is enabled. There are two ways to express this: with
depends on BR2_PACKAGE_FOO
in each extra symbol, or with
if BR2_PACKAGE_FOO
...
endif
around the entire set of extra symbols.
The if/endif approach avoids the repetition of 'depends on' statements on
multiple symbols, so this is clearly preferred. But even when there is only
one extra symbol, if/endif is a more logical choice:
- it is future-proof for when extra symbols are added
- it allows to have just one strategy instead of two (less confusion)
This patch modifies the Config.in files accordingly.
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Reviewed-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch lines up the comments in Config.in files that clarify which
toolchain options the package depends on.
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This reverts commit 7672b1235d.
It turns out that libgnutls.so ends up with a reference to wctomb() on
uClibc, as uClibc doesn't have vasnprintf so gnutls builds its internal
gnulib version of it, referencing wctomb().
Fix it by going back to requiring wchar for the base gnutls library as well.
Fixes http://autobuild.buildroot.net/results/780/780e825e56dc78f1ea347ca462e2e31044428775/
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Unfortunately because of header file differencies this can't be used for
OCF.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Fixes a regression in 3.1.7 regarding the priority string NORMAL.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
This reverts commit f1b86cef98
While the fix makes gnutls build without wchar, it doesn't actually work as
there's no rpl_wctomb implementation so the .so ends up with an undefined
reference to wctomb:
./host/usr/bin/arm-linux-nm -D staging/usr/lib/libgnutls.so.28|grep wctomb
U wctomb
Causing linker errors for packages trying to use it:
CCLD msmtp
host/usr/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libgnutls.so:
undefined reference to `wctomb'
collect2: ld returned 1 exit status
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Add it to the dependencies when it's available.
But disable crywrap when it's a nommu system since it uses fork()
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
The pthreads autodetection poisons the linkpath thus making other
distribution libraries to take precedence over the cross ones.
Leading to failures such as:
http://autobuild.buildroot.net/results/tmp/3f979d4e2186ee31012c332fedec9591890b0b77
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
[Peter: add comment when tools not available]
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Make gnutls work for non-wchar toolchains.
It's just a matter of throwing a helping hand to configure.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Gustavo Zacarias
Thomas De Schampheleire
Antoine Pierlot-Garcin
Arnout Vandecappelle (Essensium/Mind)
Thomas Petazzoni
Jerzy Grzegorek
Alexandre Belloni
Peter Korsgaard