Commit Graph

128 Commits

Author SHA1 Message Date
Fabrice Fontaine
fb3b23220b package/gnutls: security bump to version 3.6.15
libgnutls: Fixed "no_renegotiation" alert handling at incorrect timing.
The server sending a "no_renegotiation" alert in an unexpected timing,
followed by an invalid second handshake was able to cause a TLS 1.3
client to crash via a null-pointer dereference. The crash happens in the
application's error handling path, where the gnutls_deinit function is
called after detecting a handshake failure (#1071).
[GNUTLS-SA-2020-09-04, CVSS: medium]

https://lists.gnupg.org/pipermail/gnutls-help/2020-September/004669.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-09-05 23:03:28 +02:00
Stefan Sørensen
838f67c27f package/gnutls: fix build with uClibc
Since v3.6.14 gnutls wants to use the 'e' flag with fopen to set the
O_CLOEXEC flags. Since this is a glibc extension, it will trigger a
gnulib override of fopen on non-glibc systems, but that override
breaks the uClibc stdio.h header.

Fixes:
http://autobuild.buildroot.org/results/02f/02f2b524add307c8f7cc1af1ed0783bb1baf029a

Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-07-09 09:16:35 +02:00
Stefan Sørensen
16ea3ee784 package/gnutls: security bump to 3.6.14
Fixes the following security issue:

 * CVE-2020-13777: It was found that GnuTLS 3.6.4 introduced a
   regression in the TLS protocol implementation. This caused the TLS
   server to not securely construct a session ticket encryption key
   considering the application supplied secret, allowing a MitM
   attacker to bypass authentication in TLS 1.3 and recover previous
   conversations in TLS 1.2

Release announcement:
 https://lists.gnupg.org/pipermail/gnutls-help/2020-June/004648.html

Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
[yann.morin.1998@free.fr: two spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-06-21 23:32:43 +02:00
Stefan Sørensen
170d06cfc6 package/gnutls: security bump to 3.6.13
Fixes the following security issue:

 * CVE-2020-11501: It was found that GnuTLS 3.6.3 introduced a
   regression in the DTLS protocol implementation. This caused the DTLS
   client to not contribute any randomness to the DTLS negotiation
   breaking the security guarantees of the DTLS protocol.

Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-04-08 22:35:09 +02:00
Yann E. MORIN
f295ad4cb0 package/*: do not override LICENSE, but append to it
Now that the infra takes care of removing extraneous spaces before
commas, we can safely append to LICENSE variables.

This removes the only case where we had to use immediate assignment
to append to a variable.

Mechanical change, with:

    $ sed -r -i -e 's/\<([^[:space:]]+_LICENSE) := \$\(\1\),/\1 += ,/' \
        $(git grep -l -E '\<([^[:space:]]+_LICENSE) := \$\(\1\),')

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-10-27 10:35:06 +01:00
Bernd Kuhls
3029eb045c package/gnutls: bump version to 3.6.10
Release notes:
https://lists.gnupg.org/pipermail/gnutls-help/2019-September/004574.html

Removed patch applied upstream, also removed autoreconf.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-10-21 21:15:30 +02:00
Fabrice Fontaine
53622826da package/gnutls: use __get_cpuid_count() only when available
Fixes:
 - http://autobuild.buildroot.org/results/4e874ed2fcc1f969f2f8ece88985ccd625f2c55b

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-09-21 13:24:45 +02:00
Peter Korsgaard
d8e6851f11 Merge branch 'next' 2019-09-03 15:03:02 +02:00
Bernd Kuhls
a9c509934e package/gnutls: bump version to 3.6.9
Release notes:
https://lists.gnupg.org/pipermail/gnutls-help/2019-July/004556.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-28 14:40:00 +02:00
Carlos Santos
d4c12d6bcd package/gnutls: make the OpenSSL compatibility library optional
Add a BR2_PACKAGE_GNUTLS_OPENSSL option, disabled by default since it is
not used by any package that depends on gnutls.

The library is licensed under GPLv3, which can be a problem for embedded
systems due to the so-called anti-tivoization clause.

Signed-off-by: Carlos Santos <unixmania@gmail.com>
[Thomas: don't repeat the license details for the gnutls-openssl case,
simply append to them]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-17 15:37:47 +02:00
Fabrice Fontaine
e5a2354b6b package/gnutls: fix build on sparc
gnutls source code uses the C++11 <atomic> functionality since
7978a73346,
which internally is implemented using the __atomic_*() gcc built-ins

On certain architectures, the __atomic_*() built-ins are implemented in
the libatomic library that comes with the rest of the gcc runtime. Due
to this, code using <atomic> might need to link against libatomic,
otherwise one hits build issues such as:

../lib/.libs/libgnutls.so: undefined reference to `__atomic_fetch_sub_4'

on an architecture like SPARC.

To solve this, link against libatomic if BR2_PACKAGE_HAS_LIBATOMIC is set.

This fix gnutls build failures as well as cups, gnupg and libmicrohttpd

Fixes:
 - http://autobuild.buildroot.org/results/1c7541fc6ac4b52d1dfe02a9a7d61db90f4521eb
 - http://autobuild.buildroot.org/results/42c8803b98e38ebd48870fe6b1a20a1d6c351e5f
 - http://autobuild.buildroot.org/results/a1e96d02d41f7fec0f5327f65fb34405f963a1e9
 - http://autobuild.buildroot.org/results/59c92706457a9da29dd44425e546a7c80c18b454

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-07-17 07:40:18 +02:00
Bernd Kuhls
9e2fcb2e25 package/gnutls: bump version to 3.6.8
Release notes:
https://lists.gnupg.org/pipermail/gnutls-help/2019-May/004527.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-07-04 01:02:12 +02:00
Sørensen, Stefan
1dd5576ccb package/gnutls: security bump to 3.6.7.1
Fixes the following security issues:

 * CVE-2019-3836: It was discovered in gnutls before version 3.6.7 upstream
   that there is an uninitialized pointer access in gnutls versions 3.6.3 or
   later which can be triggered by certain post-handshake messages

 * CVE-2019-3829: A vulnerability was found in gnutls versions from 3.5.8
   before 3.6.7. A memory corruption (double free) vulnerability in the
   certificate verification API. Any client or server application that
   verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.

3.6.7.1 is identical to 3.6.7, but fixes a packaging issue in the release
tarball:

https://lists.gnutls.org/pipermail/gnutls-devel/2019-April/013086.html

HTTP URLs changed to HTTPS in COPYING, so update license hash.

Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-07 22:45:49 +02:00
Peter Korsgaard
da17aef2e0 package/gnutls: bump to version 3.6.6
Drop now upstreamed 0001-configure.ac-check-if-libatomic-is-needed.patch and
autoreconf.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-28 22:04:17 +01:00
Fabrice Fontaine
d2f606a646 gnutls: fix build on sparc
gnutls source code uses the C++11 <atomic> functionality since
7978a73346,
which internally is implemented using the __atomic_*() gcc built-ins

On certain architectures, the __atomic_*() built-ins are implemented in
the libatomic library that comes with the rest of the gcc runtime. Due
to this, code using <atomic> might need to link against libatomic,
otherwise one hits build issues such as:

../lib/.libs/libgnutls.so: undefined reference to `__atomic_fetch_sub_4'

on an architecture like SPARC.

To solve this, a configure.ac check is added to know if we need to
link against libatomic or not. The library is also added to gnutls.pc.

Fixes:
 - http://autobuild.buildroot.org/results/6c749bd592ceffeacadd2ab570d127936cce64b2
 - http://autobuild.buildroot.org/results/30aa83d3cf3482af8a59250c196c85f4a278d343

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-28 16:54:59 +01:00
Fabrice Fontaine
3cd4cb0156 gnutls: bump to version 3.6.5
- libidn1 support removed since version 3.6.0 and
  abe6a12b97
- libz support has been removed since version 3.6.0 and
  1b3ece44ac

This bump also fix build issues of gnutls tests and applications such
as ffmpeg or cups due to the fact that _idn2_punycode_* functions are
not exposed anymore since libidn2 bump to version 2.1.0 and:
1d1f2e5bab

Fixes:
 - http://autobuild.buildroot.org/results/f8c38ea6ebbb78269d620d19d760a0566f742640
 - http://autobuild.buildroot.org/results/8dc5b4212b1d8d0bf5bd5e8a27eb02753dc678e4
 - http://autobuild.buildroot.org/results/53f5bcd9010c841838f51d65427d9a97ef35e08c

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-16 20:34:56 +01:00
Fabrice Fontaine
818b906288 gnutls: remove unrecognized --with-libnettle-prefix
configure: WARNING: unrecognized options: --disable-docs, --disable-documentation, --with-xmlto, --with-fop, --enable-ipv6, --with-libnettle-prefix

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-16 20:33:37 +01:00
Trent Piepho
379306e8f2 package/gnutls: give library a default trust location
Gnutls is building with no default location to look for CA certs.  Since
there are buildroot packages to provide these, configure it to use them
by default.

Configure gnutls to find them using the bundle file which contains all
certs, rather than looking in the cert directory.  When gnutls is told
to use the directory, it loads *every* file in it.  This means it loads
the bundle with all certs, then loads each cert a second time using the
individual pem files, and then loads them all the third time via the
hash symlinks to the pem files.

When p11-kit is enabled, use its trust module instead of the bundle
file.  p11-kit can be configured to use the bundle (the default), but it
can do other things too, such as integrate with the "trust" command for
adding and removing trust anchors.

Signed-off-by: Trent Piepho <tpiepho@impinj.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-12-03 21:25:58 +01:00
Bernd Kuhls
08d64f47eb package/gnutls: bump version to 3.5.19
Release notes:
https://lists.gnupg.org/pipermail/gnutls-devel/2018-July/008583.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-07-21 22:19:24 +02:00
Baruch Siach
caddfa6237 Revert "gnutls: drop wchar dependency"
This reverts commit 694cdb9273.

Just like commit 68c3f5257d (Revert "gnutls: make it non-wchar
friendly") before. It turns out that gnulib expects some other library
to provide a wctomb() implementation. So when the C library does not
provide one it is left as undefined symbol in libgnutls.so.

Add a comment to reduce the chance of repeating the same mistake again.

Fixes:
http://autobuild.buildroot.net/results/86f/86f08276fcb0cc557ab3cc5f57229b2c0c6ac2d7/
http://autobuild.buildroot.net/results/7c4/7c4bcb839f0ad5bc0496b4115ff391a3b312581a/
http://autobuild.buildroot.net/results/1c3/1c353f542c49bbe5520266c0ebb6a58589032453/

Reported-by: Matt Weber <matthew.weber@rockwellcollins.com>
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-06-30 18:41:41 +02:00
Baruch Siach
694cdb9273 gnutls: drop wchar dependency
Commit 19448f40a0 (gnutls: use included unistring unless libunistring is
selected) made libunistring an optional dependency.  So now gnutls no longer
depend on wchar.

Drop wchar dependency of libmicrohttpd and libsoup, which are gnutls
reverse dependencies that do not depend themselves on wchar.

Update the comments in libsoup and taskd; the wchar dependency is now
not due to gnutls.

Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-22 11:43:33 +02:00
Sven Neumann
19448f40a0 gnutls: use included unistring unless libunistring is selected
Use the included copy of libunistring unless BR2_PACKAGE_LIBUNISTRING
is already selected.

The resulting gnutls library with libunistring included is about 1.2 MB
smaller than the sum of libgnutls and libunistring.

Signed-off-by: Sven Neumann <neumann@teufel.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-06-17 14:05:40 +02:00
Fabrice Fontaine
f48d3ff58b gnutls: add optional libidn2 support
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-05-20 16:11:00 +02:00
Baruch Siach
16956889f7 gnutls: bump to version 3.5.18
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-01 14:04:40 +01:00
Peter Korsgaard
0ed9392196 gnutls: bump to version 3.5.17
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-26 09:06:24 +01:00
Baruch Siach
a34d965af7 gnutls: bump to version 3.5.16
Add link to tarball signature.

Add license hashes.

Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-29 17:36:28 +01:00
Adam Duskett
be9d731edf package/g*: fix wrapping of Config.in help text
The check-package script when ran gives warnings on text wrapping
on all of these Config files.  This patch cleans up all warnings
related to the text wrapping for the Config files starting with
the letter g in the package directory.

The appropriate indentation is: <tab><2 spaces><62 chars>
See http://nightly.buildroot.org/#writing-rules-config-in for more
information.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-31 19:09:20 +02:00
Peter Korsgaard
8197236a50 gnutls: bump to version 3.5.14
Bugfix release, see the release notes for the fixes:

https://lists.gnupg.org/pipermail/gnutls-devel/2017-July/008469.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-05 00:15:11 +02:00
Baruch Siach
9289b24275 gnutls: switch to https download location
HTTPS works better behind certain corporate firewalls.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-14 21:25:57 +02:00
Baruch Siach
5cbf8baaa8 gnutls: security bump to version 3.5.13
Fixes CVE-2017-7507: decoding a status request TLS extension that has a
non-empty responder IDs list could lead to a crash due to a null pointer
dereference.

https://lists.gnupg.org/pipermail/gnutls-devel/2017-June/008446.html

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-14 21:24:08 +02:00
Bernd Kuhls
30ed9de2fd package/gnutls: disable for static build
The gnutils code uses __attribute__((constructor)) and
__attribute__((destructor)) to call constructor/desctructor when a
shared library is loaded.
Constructor/desctructor are not used when a static library is used
(except when if -Wl,--whole-archive -lgnutls -Wno-whole-archive is
used, not tested).

Even if gnutls initialization (_gnutls_global_init()) may be
called manually, the gnutls maintainer said it's not supported [1].

"Note that static linking applications with gnutls is not something
 supported. gnutls relies on library constructors and destructors
 which are not loaded when linking statically."

Now the gnutls script warns about static linking [2].

So disable gnutls statically by adding "depends on !BR2_STATIC_LIBS"
at Kconfig level and --disable-static in GNUTLS_CONF_OPTS.

Fixes:
[taskd] http://autobuild.buildroot.net/results/c2d/c2dd5c1c9dc87d2943c15e58ee56e67d7375368c
[ffmpeg] http://autobuild.buildroot.net/results/892/8926d319d6d1cd1ee72239ad7d9ca869d2355628
[sngrep] http://autobuild.buildroot.net/results/f7f/f7fb42d3742f6f01000a0d181e0c785640284405

[1] https://gitlab.com/gnutls/gnutls/issues/203
[2] 6b74888679

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Romain: merge our two patches together
    add some option comment
    disable static libgnutls.a
    add sngrep autobuilder reference]
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas: do not disable libgnutls.a]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-29 22:52:34 +02:00
Peter Korsgaard
f8e1fdbe97 gnutls: bump version to 3.5.12
For details, see the release notes:

https://lists.gnupg.org/pipermail/gnutls-devel/2017-May/008427.html
https://lists.gnupg.org/pipermail/gnutls-devel/2017-April/008393.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-17 21:55:04 +02:00
Adam Duskett
791c5db743 packages/g*/Config.in: fix ordering of statements
The check-package script when ran gives warnings on ordering issues
on all of these Config files.  This patch cleans up all warnings
related to the ordering in the Config files for packages starting with
the letter g in the package directory.

The appropriate ordering is: type, default, depends on, select, help
See http://nightly.buildroot.org/#_config_files for more information.

Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-01 11:32:04 +02:00
Rahul Bedarkar
30a3e8d108 boot, package: use SPDX short identifier for LGPLv2.1/LGPLv2.1+
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for LGPLv2.1/LGPLv2.1+ is LGPL-2.1/LGPL-2.1+.

This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/LGPLv2.1(\+)?/LGPL-2.1\1/g'

Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-01 15:18:10 +02:00
Rahul Bedarkar
337aa51f3f boot, package: use SPDX short identifier for GPLv3/GPLv3+
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for GPLv3/GPLv3+ is GPL-3.0/GPL-3.0+.

This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/\<GPLv3\>/GPL-3.0/g'

Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-01 15:17:59 +02:00
Gustavo Zacarias
6fdb2b109b gnutls: security bump to version 3.5.10
Fixes:
GNUTLS-SA-2017-3A - Addressed integer overflow resulting to invalid
memory write in OpenPGP certificate parsing.
GNUTLS-SA-2017-3B - Addressed crashes in OpenPGP certificate parsing,
related to private key parser. No longer allow OpenPGP certificates
(public keys) to contain private key sub-packets.
GNUTLS-SA-2017-3C - Addressed large allocation in OpenPGP certificate
parsing, that could lead in out-of-memory condition.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-03-06 17:45:23 +01:00
Peter Korsgaard
743f5076df gnutls: bump version to 3.5.9
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-14 11:22:13 +01:00
Gustavo Zacarias
9b347c4acd gnutls: security bump to version 3.5.8
The 3.5.x has been promoted to stable, hence 3.4.x is deprecated and
3.3.x kept as old-stable.

libdane now specifies LGPLv2.1+ so drop the README kludge (which is also
gone regarding licensing).

libunistring is a new dependency, even though gnutls ships a builtin version
we prefer to use unbundled to avoid duplication with other users and target
size growth.

Fixes:

GNUTLS-SA-2017-01 - It was found using the OSS-FUZZ fuzzer
infrastructure that decoding a specially crafted X.509 certificate with
Proxy Certificate Information extension present could lead to a double
free.
GNUTLS-SA-2017-02 - It was found using the OSS-FUZZ fuzzer
infrastructure that decoding a specially crafted OpenPGP certificate
could lead to heap and stack overflows.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-09 16:39:50 +01:00
Gustavo Zacarias
455487dbd1 gnutls: bump to version 3.4.17
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-09 18:11:24 +01:00
Gustavo Zacarias
881b7bd31e gnutls: bump to version 3.4.16
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-10-13 08:05:51 +02:00
Gustavo Zacarias
fc56a9ea3f gnutls: bump to version 3.4.15
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-09-08 19:47:05 +02:00
Gustavo Zacarias
6606dde1d5 gnutls: security bump to version 3.4.14
Fixes:
GNUTLS-SA-2016-2 - vulnerability that affects certificate verification
when GnuTLS is used in combination with the p11-kit trust module.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-07-14 12:53:28 +02:00
Rahul Bedarkar
f2844807a7 gnutls: update legal info
GnuTLS core library is licensed under LGPLv2.1+ while gnutls-openssl
library is licensed under GPLv3+. Annotate the license with components.

Reviewed-by: Marcin Nowakowski <marcin.nowakowski@imgtec.com>
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
[Thomas:
 - add comment about the license of the "core library" since some files
   seems to be mistakenly under LGPLv3+ even though the library is
   licensed under LGPLv2.1+.
 - add the README file in the license information, since it contains a
   lot of useful details.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-07-05 00:10:05 +02:00
Gustavo Zacarias
57bb2d730b gnutls: bump to version 3.4.13
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-07 13:10:52 +02:00
Gustavo Zacarias
f8799db790 gnutls: bump to version 3.4.12
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-05-22 21:35:39 +02:00
Gustavo Zacarias
41fef2ce8d gnutls: bump to version 3.4.11
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-04-13 21:40:08 +02:00
Gustavo Zacarias
726f8f2f40 gnutls: bump to version 3.4.10
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-03-03 15:00:43 +01:00
Gustavo Zacarias
be8ae9330b gnutls: bump to version 3.4.9
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-02-03 23:16:25 +01:00
Gustavo Zacarias
9bff092e29 gnutls: bump to version 3.4.8
Patch now upstream, so drop it along autoreconf and gettextize.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-01-08 18:30:23 +01:00
Gustavo Zacarias
cb2334b926 gnutls: fix --disable-crywrap
Add a patch to really enable the --disable-crywrap option in gnutls.
Fixes:
http://autobuild.buildroot.org/results/d86/d8604fe448bb11395e8443726d09b041eb34c6d5/

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-12-16 09:35:01 +01:00