NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
e45fe7259e
kumquat-buildroot/package/gnutls/gnutls.mk
Sørensen, Stefan 1dd5576ccb package/gnutls: security bump to 3.6.7.1 
Fixes the following security issues:

 * CVE-2019-3836: It was discovered in gnutls before version 3.6.7 upstream
   that there is an uninitialized pointer access in gnutls versions 3.6.3 or
   later which can be triggered by certain post-handshake messages

 * CVE-2019-3829: A vulnerability was found in gnutls versions from 3.5.8
   before 3.6.7. A memory corruption (double free) vulnerability in the
   certificate verification API. Any client or server application that
   verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.

3.6.7.1 is identical to 3.6.7, but fixes a packaging issue in the release
tarball:

https://lists.gnutls.org/pipermail/gnutls-devel/2019-April/013086.html

HTTP URLs changed to HTTPS in COPYING, so update license hash.

Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-07 22:45:49 +02:00

90 lines
2.9 KiB
Makefile
Raw Blame History

################################################################################
#
# gnutls
#
################################################################################
GNUTLS_VERSION_MAJOR = 3.6
GNUTLS_VERSION = $(GNUTLS_VERSION_MAJOR).7.1
GNUTLS_SOURCE = gnutls-$(GNUTLS_VERSION).tar.xz
GNUTLS_SITE = https://www.gnupg.org/ftp/gcrypt/gnutls/v$(GNUTLS_VERSION_MAJOR)
GNUTLS_LICENSE = LGPL-2.1+ (core library), GPL-3.0+ (gnutls-openssl library)
GNUTLS_LICENSE_FILES = doc/COPYING doc/COPYING.LESSER
GNUTLS_DEPENDENCIES = host-pkgconf libtasn1 nettle pcre
GNUTLS_CONF_OPTS = \
--disable-doc \
--disable-guile \
--disable-libdane \
--disable-rpath \
--enable-local-libopts \
--enable-openssl-compatibility \
--with-librt-prefix=$(STAGING_DIR) \
--without-tpm \
$(if $(BR2_PACKAGE_GNUTLS_TOOLS),--enable-tools,--disable-tools)
GNUTLS_CONF_ENV = gl_cv_socket_ipv6=yes \
ac_cv_header_wchar_h=$(if $(BR2_USE_WCHAR),yes,no) \
gt_cv_c_wchar_t=$(if $(BR2_USE_WCHAR),yes,no) \
gt_cv_c_wint_t=$(if $(BR2_USE_WCHAR),yes,no) \
gl_cv_func_gettimeofday_clobber=no
GNUTLS_INSTALL_STAGING = YES
# libpthread autodetection poison the linkpath
GNUTLS_CONF_OPTS += $(if $(BR2_TOOLCHAIN_HAS_THREADS),--with-libpthread-prefix=$(STAGING_DIR)/usr)
# gnutls needs libregex, but pcre can be used too
# The check isn't cross-compile friendly
GNUTLS_CONF_ENV += libopts_cv_with_libregex=yes
GNUTLS_CONF_OPTS += \
--with-regex-header=pcreposix.h \
--with-libregex-cflags="`$(PKG_CONFIG_HOST_BINARY) libpcreposix --cflags`" \
--with-libregex-libs="`$(PKG_CONFIG_HOST_BINARY) libpcreposix --libs`"
# Consider crywrap as part of tools because it needs WCHAR, and it's so too
ifeq ($(BR2_PACKAGE_GNUTLS_TOOLS),)
GNUTLS_CONF_OPTS += --disable-crywrap
endif
# Prerequisite for crywrap
ifeq ($(BR2_PACKAGE_ARGP_STANDALONE),y)
GNUTLS_CONF_ENV += LIBS="-largp"
GNUTLS_DEPENDENCIES += argp-standalone
endif
# libidn support for nommu must exclude the crywrap wrapper (uses fork)
GNUTLS_CONF_OPTS += $(if $(BR2_USE_MMU),,--disable-crywrap)
ifeq ($(BR2_PACKAGE_CRYPTODEV_LINUX),y)
GNUTLS_CONF_OPTS += --enable-cryptodev
GNUTLS_DEPENDENCIES += cryptodev-linux
endif
ifeq ($(BR2_PACKAGE_LIBIDN2),y)
GNUTLS_CONF_OPTS += --with-idn
GNUTLS_DEPENDENCIES += libidn2
else
GNUTLS_CONF_OPTS += --without-idn
endif
ifeq ($(BR2_PACKAGE_P11_KIT),y)
GNUTLS_CONF_OPTS += --with-p11-kit
GNUTLS_DEPENDENCIES += p11-kit
else
GNUTLS_CONF_OPTS += --without-p11-kit
endif
ifeq ($(BR2_PACKAGE_LIBUNISTRING),y)
GNUTLS_CONF_OPTS += --with-libunistring-prefix=$(STAGING_DIR)/usr
GNUTLS_DEPENDENCIES += libunistring
else
GNUTLS_CONF_OPTS += --with-included-unistring
endif
# Provide a default CA cert location
ifeq ($(BR2_PACKAGE_P11_KIT),y)
GNUTLS_CONF_OPTS += --with-default-trust-store-pkcs11=pkcs11:model=p11-kit-trust
else ifeq ($(BR2_PACKAGE_CA_CERTIFICATES),y)
GNUTLS_CONF_OPTS += --with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt
endif
$(eval $(autotools-package))
Reference in New Issue View Git Blame Copy Permalink