| Message ID | 1712646620-16608-10-git-send-email-wangmy@fujitsu.com |
|---|---|
| State | New |
| Headers | show |
| Series | [01/33] babeltrace2: upgrade 2.0.5 -> 2.0.6 | expand |
Failed ptests:
{'gnutls': ['alerts',
'cert-status',
'ciphersuite-name',
'dtls-etm',
'dtls10-cert-key-exchange',
'dtls12-cert-key-exchange',
'keylog-env',
'mini-chain-unsorted',
'mini-record-failure',
'mini-overhead',
'mini-record',
'mini-record-2',
'record-retvals',
'rehandshake-switch-cert',
'rehandshake-switch-cert-allow',
'rehandshake-switch-cert-client',
'rehandshake-switch-cert-client-allow',
'rsa-encrypt-decrypt',
'rsa-psk',
'rsa-psk-cb',
'rsaes-pkcs1-v1_5',
'tls-etm',
'tls-force-etm',
'tls-neg-ext4-key',
'tls10-cert-key-exchange',
'tls11-cert-key-exchange',
'tls10-server-kx-neg',
'tls12-anon-upgrade',
'tls12-cert-key-exchange',
'tls11-server-kx-neg',
'tls12-server-kx-neg',
'tls13-cert-key-exchange',
'tls13-server-kx-neg',
'version-checks']}
On 09/04/2024 15:09:57+0800, wangmy via lists.openembedded.org wrote:
> From: Wang Mingyu <wangmy@fujitsu.com>
>
> Add-ptest-support.patch
> refreshed for 3.8.5
>
> Changelog:
> ==========
> * libgnutls: Due to majority of usages and implementations of
> RSA decryption with PKCS#1 v1.5 padding being incorrect,
> leaving them vulnerable to Marvin attack, the RSAES-PKCS1-v1_5
> is being deprecated (encryption and decryption) and will be
> disabled in the future.
> * libgnutls: Added support for RIPEMD160 and PBES1-DES-SHA1 for
> backward compatibility with GCR.
> * libgnutls: A couple of memory related issues have been fixed in RSA PKCS#1
> v1.5 decryption error handling and deterministic ECDSA with earlier
> versions of GMP.
> * build: Fixed a bug where building gnutls statically failed due
> to a duplicate definition of nettle_rsa_compute_root_tr().
>
> Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
> ---
> .../recipes-support/gnutls/gnutls/Add-ptest-support.patch | 8 ++++----
> .../gnutls/{gnutls_3.8.4.bb => gnutls_3.8.5.bb} | 2 +-
> 2 files changed, 5 insertions(+), 5 deletions(-)
> rename meta/recipes-support/gnutls/{gnutls_3.8.4.bb => gnutls_3.8.5.bb} (97%)
>
> diff --git a/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch b/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch
> index 1152d3797f..8edd31d6b9 100644
> --- a/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch
> +++ b/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch
> @@ -1,4 +1,4 @@
> -From ff6a345235b2585c261752e47a749228672b07dc Mon Sep 17 00:00:00 2001
> +From bfa70adcbda4e505cf2e597907852e78e0439ee2 Mon Sep 17 00:00:00 2001
> From: Ravineet Singh <ravineet.a.singh@est.tech>
> Date: Tue, 10 Jan 2023 16:11:10 +0100
> Subject: [PATCH] gnutls: add ptest support
> @@ -26,7 +26,7 @@ index 843193f..816b09f 100644
>
> include $(top_srcdir)/cligen/cligen.mk
> diff --git a/configure.ac b/configure.ac
> -index d6e03cf..e3f15fb 100644
> +index 934377e..4406eae 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -1213,6 +1213,8 @@ AC_SUBST(LIBGNUTLS_CFLAGS)
> @@ -39,10 +39,10 @@ index d6e03cf..e3f15fb 100644
>
> hw_features=
> diff --git a/tests/Makefile.am b/tests/Makefile.am
> -index fb9e55a..c2d226a 100644
> +index e39a3b3..861dd63 100644
> --- a/tests/Makefile.am
> +++ b/tests/Makefile.am
> -@@ -658,6 +658,12 @@ SH_LOG_COMPILER = $(SHELL)
> +@@ -663,6 +663,12 @@ SH_LOG_COMPILER = $(SHELL)
> AM_VALGRINDFLAGS = --suppressions=$(srcdir)/suppressions.valgrind
> LOG_COMPILER = $(LOG_VALGRIND)
>
> diff --git a/meta/recipes-support/gnutls/gnutls_3.8.4.bb b/meta/recipes-support/gnutls/gnutls_3.8.5.bb
> similarity index 97%
> rename from meta/recipes-support/gnutls/gnutls_3.8.4.bb
> rename to meta/recipes-support/gnutls/gnutls_3.8.5.bb
> index 20139b4dd4..21506a04dc 100644
> --- a/meta/recipes-support/gnutls/gnutls_3.8.4.bb
> +++ b/meta/recipes-support/gnutls/gnutls_3.8.5.bb
> @@ -25,7 +25,7 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar
> file://Add-ptest-support.patch \
> "
>
> -SRC_URI[sha256sum] = "2bea4e154794f3f00180fa2a5c51fe8b005ac7a31cd58bd44cdfa7f36ebc3a9b"
> +SRC_URI[sha256sum] = "66269a2cfe0e1c2dabec87bdbbd8ab656f396edd9a40dd006978e003cfa52bfc"
>
> inherit autotools texinfo pkgconfig gettext lib_package gtk-doc ptest
>
> --
> 2.34.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#198029): https://lists.openembedded.org/g/openembedded-core/message/198029
> Mute This Topic: https://lists.openembedded.org/mt/105417636/3617179
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alexandre.belloni@bootlin.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
On Wed, 2024-04-10 at 02:45 +0200, Alexandre Belloni via lists.openembedded.org wrote: > Failed ptests: > {'gnutls': ['alerts', > 'cert-status', > 'ciphersuite-name', > 'dtls-etm', > 'dtls10-cert-key-exchange', > 'dtls12-cert-key-exchange', > 'keylog-env', > 'mini-chain-unsorted', > 'mini-record-failure', > 'mini-overhead', > 'mini-record', > 'mini-record-2', > 'record-retvals', > 'rehandshake-switch-cert', > 'rehandshake-switch-cert-allow', > 'rehandshake-switch-cert-client', > 'rehandshake-switch-cert-client-allow', > 'rsa-encrypt-decrypt', > 'rsa-psk', > 'rsa-psk-cb', > 'rsaes-pkcs1-v1_5', > 'tls-etm', > 'tls-force-etm', > 'tls-neg-ext4-key', > 'tls10-cert-key-exchange', > 'tls11-cert-key-exchange', > 'tls10-server-kx-neg', > 'tls12-anon-upgrade', > 'tls12-cert-key-exchange', > 'tls11-server-kx-neg', > 'tls12-server-kx-neg', > 'tls13-cert-key-exchange', > 'tls13-server-kx-neg', > 'version-checks']} > > Hi, is there a autobuilder link to this? I tried it locally and all was fine. Would like to check it just to see if I can spot a difference. Or do you (Wang Mingyu) already check at the moment? Best
On 11/04/2024 19:41:09+0000, Simone Wei� wrote: > On Wed, 2024-04-10 at 02:45 +0200, Alexandre Belloni via > lists.openembedded.org wrote: > > Failed ptests: > > {'gnutls': ['alerts', > > ����������� 'cert-status', > > ����������� 'ciphersuite-name', > > ����������� 'dtls-etm', > > ����������� 'dtls10-cert-key-exchange', > > ����������� 'dtls12-cert-key-exchange', > > ����������� 'keylog-env', > > ����������� 'mini-chain-unsorted', > > ����������� 'mini-record-failure', > > ����������� 'mini-overhead', > > ����������� 'mini-record', > > ����������� 'mini-record-2', > > ����������� 'record-retvals', > > ����������� 'rehandshake-switch-cert', > > ����������� 'rehandshake-switch-cert-allow', > > ����������� 'rehandshake-switch-cert-client', > > ����������� 'rehandshake-switch-cert-client-allow', > > ����������� 'rsa-encrypt-decrypt', > > ����������� 'rsa-psk', > > ����������� 'rsa-psk-cb', > > ����������� 'rsaes-pkcs1-v1_5', > > ����������� 'tls-etm', > > ����������� 'tls-force-etm', > > ����������� 'tls-neg-ext4-key', > > ����������� 'tls10-cert-key-exchange', > > ����������� 'tls11-cert-key-exchange', > > ����������� 'tls10-server-kx-neg', > > ����������� 'tls12-anon-upgrade', > > ����������� 'tls12-cert-key-exchange', > > ����������� 'tls11-server-kx-neg', > > ����������� 'tls12-server-kx-neg', > > ����������� 'tls13-cert-key-exchange', > > ����������� 'tls13-server-kx-neg', > > ����������� 'version-checks']} > > > > > Hi, > > is there a autobuilder link to this? I tried it locally and all was fine. > Would like to check it just to see if I can spot a difference. Or do you > (Wang Mingyu) already check at the moment? https://autobuilder.yoctoproject.org/typhoon/#/builders/81/builds/6489/steps/12/logs/stdio https://autobuilder.yocto.io/pub/non-release/20240409-25/testresults/qemux86-64-ptest/gnutls.log > > Best
On Fri, 2024-04-12 at 16:39 +0200, Alexandre Belloni wrote: > On 11/04/2024 19:41:09+0000, Simone Weiß wrote: > > On Wed, 2024-04-10 at 02:45 +0200, Alexandre Belloni via > > lists.openembedded.org wrote: > > > Failed ptests: > > > {'gnutls': ['alerts', > > > 'cert-status', > > > 'ciphersuite-name', > > > 'dtls-etm', > > > 'dtls10-cert-key-exchange', > > > 'dtls12-cert-key-exchange', > > > 'keylog-env', > > > 'mini-chain-unsorted', > > > 'mini-record-failure', > > > 'mini-overhead', > > > 'mini-record', > > > 'mini-record-2', > > > 'record-retvals', > > > 'rehandshake-switch-cert', > > > 'rehandshake-switch-cert-allow', > > > 'rehandshake-switch-cert-client', > > > 'rehandshake-switch-cert-client-allow', > > > 'rsa-encrypt-decrypt', > > > 'rsa-psk', > > > 'rsa-psk-cb', > > > 'rsaes-pkcs1-v1_5', > > > 'tls-etm', > > > 'tls-force-etm', > > > 'tls-neg-ext4-key', > > > 'tls10-cert-key-exchange', > > > 'tls11-cert-key-exchange', > > > 'tls10-server-kx-neg', > > > 'tls12-anon-upgrade', > > > 'tls12-cert-key-exchange', > > > 'tls11-server-kx-neg', > > > 'tls12-server-kx-neg', > > > 'tls13-cert-key-exchange', > > > 'tls13-server-kx-neg', > > > 'version-checks']} > > > > > > > > Hi, > > > > is there a autobuilder link to this? I tried it locally and all was > > fine. > > Would like to check it just to see if I can spot a difference. Or do > > you > > (Wang Mingyu) already check at the moment? > > https://autobuilder.yoctoproject.org/typhoon/#/builders/81/builds/6489/steps/12/logs/stdio > > https://autobuilder.yocto.io/pub/non-release/20240409-25/testresults/qemux86-64-ptest/gnutls.log Looks like at least some might be fixable with https://gitlab.com/gnutls/gnutls/-/merge_requests/1830 I will take a further look >
On Sat, 2024-04-13 at 20:55 +0000, Simone Weiß wrote: > On Fri, 2024-04-12 at 16:39 +0200, Alexandre Belloni wrote: > > On 11/04/2024 19:41:09+0000, Simone Weiß wrote: > > > On Wed, 2024-04-10 at 02:45 +0200, Alexandre Belloni via > > > lists.openembedded.org wrote: > > > > Failed ptests: > > > > {'gnutls': ['alerts', > > > > 'cert-status', > > > > 'ciphersuite-name', > > > > 'dtls-etm', > > > > 'dtls10-cert-key-exchange', > > > > 'dtls12-cert-key-exchange', > > > > 'keylog-env', > > > > 'mini-chain-unsorted', > > > > 'mini-record-failure', > > > > 'mini-overhead', > > > > 'mini-record', > > > > 'mini-record-2', > > > > 'record-retvals', > > > > 'rehandshake-switch-cert', > > > > 'rehandshake-switch-cert-allow', > > > > 'rehandshake-switch-cert-client', > > > > 'rehandshake-switch-cert-client-allow', > > > > 'rsa-encrypt-decrypt', > > > > 'rsa-psk', > > > > 'rsa-psk-cb', > > > > 'rsaes-pkcs1-v1_5', > > > > 'tls-etm', > > > > 'tls-force-etm', > > > > 'tls-neg-ext4-key', > > > > 'tls10-cert-key-exchange', > > > > 'tls11-cert-key-exchange', > > > > 'tls10-server-kx-neg', > > > > 'tls12-anon-upgrade', > > > > 'tls12-cert-key-exchange', > > > > 'tls11-server-kx-neg', > > > > 'tls12-server-kx-neg', > > > > 'tls13-cert-key-exchange', > > > > 'tls13-server-kx-neg', > > > > 'version-checks']} > > > > > > > > > > > Hi, > > > > > > is there a autobuilder link to this? I tried it locally and all was > > > fine. > > > Would like to check it just to see if I can spot a difference. Or do > > > you > > > (Wang Mingyu) already check at the moment? > > > > https://autobuilder.yoctoproject.org/typhoon/#/builders/81/builds/6489/steps/12/logs/stdio > > > > https://autobuilder.yocto.io/pub/non-release/20240409-25/testresults/qemux86-64-ptest/gnutls.log > > Looks like at least some might be fixable with > https://gitlab.com/gnutls/gnutls/-/merge_requests/1830 > > I will take a further look New patches are on the list. (Wang Mingyu: I included your commit, hope that is ok) Simone
diff --git a/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch b/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch index 1152d3797f..8edd31d6b9 100644 --- a/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch +++ b/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch @@ -1,4 +1,4 @@ -From ff6a345235b2585c261752e47a749228672b07dc Mon Sep 17 00:00:00 2001 +From bfa70adcbda4e505cf2e597907852e78e0439ee2 Mon Sep 17 00:00:00 2001 From: Ravineet Singh <ravineet.a.singh@est.tech> Date: Tue, 10 Jan 2023 16:11:10 +0100 Subject: [PATCH] gnutls: add ptest support @@ -26,7 +26,7 @@ index 843193f..816b09f 100644 include $(top_srcdir)/cligen/cligen.mk diff --git a/configure.ac b/configure.ac -index d6e03cf..e3f15fb 100644 +index 934377e..4406eae 100644 --- a/configure.ac +++ b/configure.ac @@ -1213,6 +1213,8 @@ AC_SUBST(LIBGNUTLS_CFLAGS) @@ -39,10 +39,10 @@ index d6e03cf..e3f15fb 100644 hw_features= diff --git a/tests/Makefile.am b/tests/Makefile.am -index fb9e55a..c2d226a 100644 +index e39a3b3..861dd63 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am -@@ -658,6 +658,12 @@ SH_LOG_COMPILER = $(SHELL) +@@ -663,6 +663,12 @@ SH_LOG_COMPILER = $(SHELL) AM_VALGRINDFLAGS = --suppressions=$(srcdir)/suppressions.valgrind LOG_COMPILER = $(LOG_VALGRIND) diff --git a/meta/recipes-support/gnutls/gnutls_3.8.4.bb b/meta/recipes-support/gnutls/gnutls_3.8.5.bb similarity index 97% rename from meta/recipes-support/gnutls/gnutls_3.8.4.bb rename to meta/recipes-support/gnutls/gnutls_3.8.5.bb index 20139b4dd4..21506a04dc 100644 --- a/meta/recipes-support/gnutls/gnutls_3.8.4.bb +++ b/meta/recipes-support/gnutls/gnutls_3.8.5.bb @@ -25,7 +25,7 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar file://Add-ptest-support.patch \ " -SRC_URI[sha256sum] = "2bea4e154794f3f00180fa2a5c51fe8b005ac7a31cd58bd44cdfa7f36ebc3a9b" +SRC_URI[sha256sum] = "66269a2cfe0e1c2dabec87bdbbd8ab656f396edd9a40dd006978e003cfa52bfc" inherit autotools texinfo pkgconfig gettext lib_package gtk-doc ptest