Patchwork [0/3] gnutls fixes for master

Submitter Paul Eggleton
Date March 5, 2014, 11:25 a.m.
Message ID <cover.1394018657.git.paul.eggleton@linux.intel.com>
Permalink /patch/68045/
State New

Pull-request

git://git.openembedded.org/openembedded-core-contrib paule/gnutls

Comments

Paul Eggleton - March 5, 2014, 11:25 a.m.
Turns out we're using the same old version of gnutls in master as in
dylan and dora, and we need a fix for a compile failure.


The following changes since commit 82c773e88aaefd9321481ad297554d5b4a3ae0b2:

  Revert "ncurses: use ln -r to generate relative symlink" (2014-03-03 15:52:26 +0000)

are available in the git repository at:

  git://git.openembedded.org/openembedded-core-contrib paule/gnutls
  http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=paule/gnutls

Karl Hiramoto (2):
  gnutls: CVE-2014-0092 correct return codes
  gnutls: Fixed bug that prevented the rejection of v1 intermediate CA
    certificates.

Paul Eggleton (1):
  gnutls: fix failure during do_compile

 .../gnutls/gnutls/25_updatedgdocfrommaster.diff    | 636 +++++++++++++++++++++
 .../CVE-2014-0092-corrected-return-codes.patch     | 106 ++++
 ...14-1959-rejection-of-v1-intermediate-cert.patch |  33 ++
 meta/recipes-support/gnutls/gnutls_2.12.23.bb      |   3 +
 4 files changed, 778 insertions(+)
 create mode 100644 meta/recipes-support/gnutls/gnutls/25_updatedgdocfrommaster.diff
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2014-0092-corrected-return-codes.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2014-1959-rejection-of-v1-intermediate-cert.patch
David Nyström - March 5, 2014, 12:34 p.m.
On 2014-03-05 12:25, Paul Eggleton wrote:
> Turns out we're using the same old version of gnutls in master as in
> dylan and dora, and we need a fix for a compile failure.
>
>
> The following changes since commit 82c773e88aaefd9321481ad297554d5b4a3ae0b2:
>
>    Revert "ncurses: use ln -r to generate relative symlink" (2014-03-03 15:52:26 +0000)
>
> are available in the git repository at:
>
>    git://git.openembedded.org/openembedded-core-contrib paule/gnutls
>    http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=paule/gnutls
>
> Karl Hiramoto (2):
>    gnutls: CVE-2014-0092 correct return codes
>    gnutls: Fixed bug that prevented the rejection of v1 intermediate CA
>      certificates.
>
> Paul Eggleton (1):
>    gnutls: fix failure during do_compile

Any specific reasons why we still have the old gnuTLS-2.12.23 ?

Br,
David
Paul Eggleton - March 5, 2014, 1:24 p.m.
Hi David,

On Wednesday 05 March 2014 13:34:41 David Nyström wrote:
> On 2014-03-05 12:25, Paul Eggleton wrote:
> > Turns out we're using the same old version of gnutls in master as in
> > dylan and dora, and we need a fix for a compile failure.
> > 
> > The following changes since commit 82c773e88aaefd9321481ad297554d5b4a3ae0b2:
> >
> >    Revert "ncurses: use ln -r to generate relative symlink" (2014-03-03 15:52:26 +0000)
> >
> > are available in the git repository at:
> >
> >    git://git.openembedded.org/openembedded-core-contrib paule/gnutls
> >    http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=paule/gnutls
> >
> > Karl Hiramoto (2):
> >    gnutls: CVE-2014-0092 correct return codes
> >    gnutls: Fixed bug that prevented the rejection of v1 intermediate CA
> >      certificates.
> >
> > Paul Eggleton (1):
> >    gnutls: fix failure during do_compile
> 
> Any specific reasons why we still have the old gnuTLS-2.12.23 ?

I'm not sure - there's no NO_UPGRADE_REASON set in our inc files to suggest 
why. Googling turned this up:

 https://wiki.debian.org/gnutls3

Valentin, Saul - we probably ought to have NO_UPGRADE_REASON set for gnutls if 
we have a good reason for staying with 2.12.x.

Cheers,
Paul
Valentin Popa - March 5, 2014, 2:18 p.m.
On 03/05/2014 03:24 PM, Paul Eggleton wrote:
> Hi David,
>
> On Wednesday 05 March 2014 13:34:41 David Nyström wrote:
>> On 2014-03-05 12:25, Paul Eggleton wrote:
>>> Turns out we're using the same old version of gnutls in master as in
>>> dylan and dora, and we need a fix for a compile failure.
>>>
>>> The following changes since commit 82c773e88aaefd9321481ad297554d5b4a3ae0b2:
>>>
>>>     Revert "ncurses: use ln -r to generate relative symlink" (2014-03-03 15:52:26 +0000)
>>>
>>> are available in the git repository at:
>>>
>>>     git://git.openembedded.org/openembedded-core-contrib paule/gnutls
>>>     http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=paule/gnutls
>>>
>>> Karl Hiramoto (2):
>>>     gnutls: CVE-2014-0092 correct return codes
>>>     gnutls: Fixed bug that prevented the rejection of v1 intermediate CA
>>>       certificates.
>>>
>>> Paul Eggleton (1):
>>>     gnutls: fix failure during do_compile
>> Any specific reasons why we still have the old gnuTLS-2.12.23 ?
> I'm not sure - there's no NO_UPGRADE_REASON set in our inc files to suggest
> why. Googling turned this up:
>
>   https://wiki.debian.org/gnutls3
>
> Valentin, Saul - we probably ought to have NO_UPGRADE_REASON set for gnutls if
> we have a good reason for staying with 2.12.x.
>
> Cheers,
> Paul
>

There is no valid regex for gnutls at the moment. I'll update it. As for
the recommended version, Saul or Ross might know more.