Yocto 2.3
Move OpenBMC to Yocto 2.3(pyro).
Tested: Built and verified Witherspoon and Palmetto images
Change-Id: I50744030e771f4850afc2a93a10d3507e76d36bc
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Resolves: openbmc/openbmc#2461
diff --git a/import-layers/yocto-poky/meta/recipes-support/gnutls/gnutls.inc b/import-layers/yocto-poky/meta/recipes-support/gnutls/gnutls.inc
index 51b9d2b..1ecad1f 100644
--- a/import-layers/yocto-poky/meta/recipes-support/gnutls/gnutls.inc
+++ b/import-layers/yocto-poky/meta/recipes-support/gnutls/gnutls.inc
@@ -12,10 +12,10 @@
file://doc/COPYING;md5=d32239bcb673463ab874e80d47fae504 \
file://doc/COPYING.LESSER;md5=a6f89e2100d9b6cdffcea4f398e37343"
-DEPENDS = "nettle gmp virtual/libiconv"
+DEPENDS = "nettle gmp virtual/libiconv libunistring"
DEPENDS_append_libc-musl = " argp-standalone"
-SHRT_VER = "${@d.getVar('PV', True).split('.')[0]}.${@d.getVar('PV', True).split('.')[1]}"
+SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
SRC_URI = "ftp://ftp.gnutls.org/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz"
@@ -23,6 +23,11 @@
PACKAGECONFIG ??= "libidn zlib"
+# You must also have CONFIG_SECCOMP enabled in the kernel for
+# seccomp to work.
+#
+PACKAGECONFIG[seccomp] = "ac_cv_libseccomp=yes,ac_cv_libseccomp=no,libseccomp"
+
PACKAGECONFIG[libidn] = "--with-idn,--without-idn,libidn"
PACKAGECONFIG[libtasn1] = "--with-included-libtasn1=no,--with-included-libtasn1,libtasn1"
PACKAGECONFIG[p11-kit] = "--with-p11-kit,--without-p11-kit,p11-kit"
@@ -37,6 +42,7 @@
--enable-local-libopts \
--enable-openssl-compatibility \
--with-libpthread-prefix=${STAGING_DIR_HOST}${prefix} \
+ --without-libunistring-prefix \
"
LDFLAGS_append_libc-musl = " -largp"
diff --git a/import-layers/yocto-poky/meta/recipes-support/gnutls/gnutls/0001-Use-correct-include-dir-with-minitasn.patch b/import-layers/yocto-poky/meta/recipes-support/gnutls/gnutls/0001-Use-correct-include-dir-with-minitasn.patch
deleted file mode 100644
index d7dd7cf..0000000
--- a/import-layers/yocto-poky/meta/recipes-support/gnutls/gnutls/0001-Use-correct-include-dir-with-minitasn.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 2651b08477f42dd7a05ea7d6df410fb2c46de4fb Mon Sep 17 00:00:00 2001
-From: Jussi Kukkonen <jussi.kukkonen@intel.com>
-Date: Wed, 31 Aug 2016 11:04:06 +0300
-Subject: [PATCH] Use correct include dir with minitasn
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This allows compiling certtool-cfg without libtasn headers.
-
-Upstream-Status: Submitted [https://gitlab.com/gnutls/gnutls/merge_requests/54]
-Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
----
- src/Makefile.am | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/Makefile.am b/src/Makefile.am
-index 182f3a5..cf65388 100644
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -146,6 +146,7 @@ libcmd_cli_debug_la_SOURCES = cli-debug-args.def cli-debug-args.c cli-debug-args
- COMMON_LIBS = $(LIBOPTS) $(LTLIBINTL)
- if ENABLE_MINITASN1
- COMMON_LIBS += ../lib/minitasn1/libminitasn1.la ../gl/libgnu.la
-+AM_CPPFLAGS += -I$(top_srcdir)/lib/minitasn1
- else
- COMMON_LIBS += $(LIBTASN1_LIBS)
- endif
---
-2.9.3
-
diff --git a/import-layers/yocto-poky/meta/recipes-support/gnutls/gnutls/0001-configure.ac-fix-sed-command.patch b/import-layers/yocto-poky/meta/recipes-support/gnutls/gnutls/0001-configure.ac-fix-sed-command.patch
index c5b95eb..f0b7ca2 100644
--- a/import-layers/yocto-poky/meta/recipes-support/gnutls/gnutls/0001-configure.ac-fix-sed-command.patch
+++ b/import-layers/yocto-poky/meta/recipes-support/gnutls/gnutls/0001-configure.ac-fix-sed-command.patch
@@ -1,6 +1,6 @@
-From 67c638c7e209554d9b19627e9402a20fdabead21 Mon Sep 17 00:00:00 2001
+From eaab55bb6d48643163eebbc9ca575a9ca2a8e03f Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
-Date: Fri, 4 Dec 2015 13:19:28 +0200
+Date: Tue, 21 Feb 2017 17:10:07 +0200
Subject: [PATCH] configure.ac: fix sed command
The "sed 's/.bak//g'" matchs "bitbake", which would cause strange errors
@@ -15,18 +15,18 @@
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
-index e634236..dc9e6a8 100644
+index 6907b21..7c70d9e 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -549,7 +549,7 @@ if test "$enable_tools" != "no" || test "$enable_doc" != "no"; then
- dnl replace libopts-generated files with distributed backups, if present
- missing_baks=
- for i in ${srcdir}/src/*-args.c.bak ${srcdir}/src/*-args.h.bak; do
-- nam=`echo $i|sed 's/.bak//g'`
-+ nam=`echo $i|sed 's/\.bak$//'`
- if test -f $i;then
- cp -f $i $nam
- else
+@@ -948,7 +948,7 @@ YEAR=`date +%Y`
+ AC_SUBST([YEAR], $YEAR)
+
+ for i in ${srcdir}/src/*-args.c.bak ${srcdir}/src/*-args.h.bak; do
+- nam=$(basename $i|sed 's/.bak//g')
++ nam=$(basename $i|sed 's/\.bak$//')
+ if test "$create_libopts_links" = "yes";then
+ rm -f "src/$nam"
+ AC_CONFIG_LINKS([src/$nam:$i])
--
-2.6.2
+2.11.0
diff --git a/import-layers/yocto-poky/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch b/import-layers/yocto-poky/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch
deleted file mode 100644
index 215be5a..0000000
--- a/import-layers/yocto-poky/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-CVE: CVE-2016-7444
-Upstream-Status: Backport
-Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
-
-Upstream commit follows:
-
-
-From 964632f37dfdfb914ebc5e49db4fa29af35b1de9 Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-Date: Sat, 27 Aug 2016 17:00:22 +0200
-Subject: [PATCH] ocsp: corrected the comparison of the serial size in OCSP response
-
-Previously the OCSP certificate check wouldn't verify the serial length
-and could succeed in cases it shouldn't.
-
-Reported by Stefan Buehler.
----
- lib/x509/ocsp.c | 1 +
- 1 file changed, 1 insertion(+), 0 deletions(-)
-
-diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
-index 92db9b6..8181f2e 100644
---- a/lib/x509/ocsp.c
-+++ b/lib/x509/ocsp.c
-@@ -1318,6 +1318,7 @@ gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_t resp,
- gnutls_assert();
- goto cleanup;
- }
-+ cserial.size = t;
-
- if (rserial.size != cserial.size
- || memcmp(cserial.data, rserial.data, rserial.size) != 0) {
---
-libgit2 0.24.0
-
diff --git a/import-layers/yocto-poky/meta/recipes-support/gnutls/gnutls/arm_eabi.patch b/import-layers/yocto-poky/meta/recipes-support/gnutls/gnutls/arm_eabi.patch
new file mode 100644
index 0000000..34c8985
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-support/gnutls/gnutls/arm_eabi.patch
@@ -0,0 +1,19 @@
+Certain syscall's are not availabe for arm-eabi, so we eliminate
+reference to them.
+
+Upstream-Status: Pending
+
+Signed-off-by: Joe Slater <jslater@windriver.com>
+
+--- a/tests/seccomp.c
++++ b/tests/seccomp.c
+@@ -49,7 +49,9 @@ int disable_system_calls(void)
+ }
+
+ ADD_SYSCALL(nanosleep, 0);
++#if ! defined(__ARM_EABI__)
+ ADD_SYSCALL(time, 0);
++#endif
+ ADD_SYSCALL(getpid, 0);
+ ADD_SYSCALL(gettimeofday, 0);
+ #if defined(HAVE_CLOCK_GETTIME)
diff --git a/import-layers/yocto-poky/meta/recipes-support/gnutls/gnutls/correct_rpl_gettimeofday_signature.patch b/import-layers/yocto-poky/meta/recipes-support/gnutls/gnutls/correct_rpl_gettimeofday_signature.patch
index 5e452c5..96b023a46 100644
--- a/import-layers/yocto-poky/meta/recipes-support/gnutls/gnutls/correct_rpl_gettimeofday_signature.patch
+++ b/import-layers/yocto-poky/meta/recipes-support/gnutls/gnutls/correct_rpl_gettimeofday_signature.patch
@@ -1,7 +1,7 @@
-From ae3370788ed3447bba16969d9eb1bf1b9631e1b7 Mon Sep 17 00:00:00 2001
+From 81b0f04c14f673b99778d2e7d8e85461e0bf2018 Mon Sep 17 00:00:00 2001
From: Valentin Popa <valentin.popa@intel.com>
Date: Fri, 25 Apr 2014 13:58:55 +0300
-Subject: [PATCH] Correct rpl_gettimeofday signature
+Subject: [PATCH 1/3] Correct rpl_gettimeofday signature
Currently we fail on uclibc like below
@@ -29,12 +29,13 @@
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upstream-Status: Pending
+
---
gl/sys_time.in.h | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/gl/sys_time.in.h b/gl/sys_time.in.h
-index 84a17c9..6ceadc3 100644
+index 5a8caf3..2dc5718 100644
--- a/gl/sys_time.in.h
+++ b/gl/sys_time.in.h
@@ -93,20 +93,20 @@ struct timeval
@@ -61,7 +62,7 @@
+ (struct timeval *__restrict, void *__restrict));
# endif
_GL_CXXALIASWARN (gettimeofday);
- #elif defined GNULIB_POSIXCHECK
+ # if defined __cplusplus && defined GNULIB_NAMESPACE
--
-1.9.1
+2.10.2
diff --git a/import-layers/yocto-poky/meta/recipes-support/gnutls/gnutls_3.5.3.bb b/import-layers/yocto-poky/meta/recipes-support/gnutls/gnutls_3.5.3.bb
deleted file mode 100644
index b2dbb07..0000000
--- a/import-layers/yocto-poky/meta/recipes-support/gnutls/gnutls_3.5.3.bb
+++ /dev/null
@@ -1,13 +0,0 @@
-require gnutls.inc
-
-SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \
- file://0001-configure.ac-fix-sed-command.patch \
- file://use-pkg-config-to-locate-zlib.patch \
- file://0001-Use-correct-include-dir-with-minitasn.patch \
- file://CVE-2016-7444.patch \
- "
-SRC_URI[md5sum] = "6c2c7f40ddf52933ee3ca474cb8cb63c"
-SRC_URI[sha256sum] = "92c4bc999a10a1b95299ebefaeea8333f19d8a98d957a35b5eae74881bdb1fef"
-
-# x86 .text relocations should be fixed from 3.5.5 onwards
-INSANE_SKIP_${PN}_append_x86 = " textrel"
diff --git a/import-layers/yocto-poky/meta/recipes-support/gnutls/gnutls_3.5.9.bb b/import-layers/yocto-poky/meta/recipes-support/gnutls/gnutls_3.5.9.bb
new file mode 100644
index 0000000..8f84dbb
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-support/gnutls/gnutls_3.5.9.bb
@@ -0,0 +1,10 @@
+require gnutls.inc
+
+SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \
+ file://0001-configure.ac-fix-sed-command.patch \
+ file://use-pkg-config-to-locate-zlib.patch \
+ file://arm_eabi.patch \
+ "
+SRC_URI[md5sum] = "0ab25eb6a1509345dd085bc21a387951"
+SRC_URI[sha256sum] = "82b10f0c4ef18f4e64ad8cef5dbaf14be732f5095a41cf366b4ecb4050382951"
+
diff --git a/import-layers/yocto-poky/meta/recipes-support/gnutls/libtasn1/0001-configure-don-t-add-Werror-to-build-flags.patch b/import-layers/yocto-poky/meta/recipes-support/gnutls/libtasn1/0001-configure-don-t-add-Werror-to-build-flags.patch
deleted file mode 100644
index ae64394..0000000
--- a/import-layers/yocto-poky/meta/recipes-support/gnutls/libtasn1/0001-configure-don-t-add-Werror-to-build-flags.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 908e9fa4c1172f09e0e45420a403dc25ed0a466c Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav@redhat.com>
-Date: Tue, 26 Jul 2016 08:45:33 +0200
-Subject: [PATCH 1/4] configure: don't add -Werror to build flags
-
----
-Upstream-Status: Backport
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
- configure.ac | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 7a14e04..066f5fe 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -70,8 +70,6 @@ AC_ARG_ENABLE([gcc-warnings],
- )
-
- if test "$gl_gcc_warnings" = yes; then
-- gl_WARN_ADD([-Werror], [WERROR_CFLAGS])
--
- nw="$nw -Wsystem-headers" # Don't let system headers trigger warnings
- nw="$nw -Wc++-compat" # We don't care strongly about C++ compilers
- nw="$nw -Wtraditional" # Warns on #elif which we use often
---
-1.9.1
-
diff --git a/import-layers/yocto-poky/meta/recipes-support/gnutls/libtasn1/0001-stdint.m4-reintroduce-GNULIB_OVERRIDES_WINT_T-check.patch b/import-layers/yocto-poky/meta/recipes-support/gnutls/libtasn1/0001-stdint.m4-reintroduce-GNULIB_OVERRIDES_WINT_T-check.patch
new file mode 100644
index 0000000..1e52d6a
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-support/gnutls/libtasn1/0001-stdint.m4-reintroduce-GNULIB_OVERRIDES_WINT_T-check.patch
@@ -0,0 +1,63 @@
+From b17dbb8d3c5605db3a1d82861fcaeef4636d1117 Mon Sep 17 00:00:00 2001
+From: "Maxin B. John" <maxin.john@intel.com>
+Date: Thu, 26 Jan 2017 18:54:48 +0200
+Subject: [PATCH] stdint.m4: reintroduce GNULIB_OVERRIDES_WINT_T check
+
+Partially revert the gnulib commit: 5a400b3f5a1f5483dbfd75d38bdb7080218a063b
+to fix the build error with musl library.
+
+Upstream-Status: Inappropriate
+
+Signed-off-by: Maxin B. John <maxin.john@intel.com>
+---
+ gl/m4/stdint.m4 | 27 +++++++++++++++++++++++++++
+ 1 file changed, 27 insertions(+)
+
+diff --git a/gl/m4/stdint.m4 b/gl/m4/stdint.m4
+index 4ac854d..3dc3da1 100644
+--- a/gl/m4/stdint.m4
++++ b/gl/m4/stdint.m4
+@@ -355,6 +355,32 @@ int32_t i32 = INT32_C (0x7fffffff);
+ gl_STDINT_TYPE_PROPERTIES
+ fi
+
++ dnl Determine whether gnulib's <wchar.h> or <wctype.h> would, if present,
++ dnl override 'wint_t'.
++ AC_CACHE_CHECK([whether wint_t is too small],
++ [gl_cv_type_wint_t_too_small],
++ [AC_COMPILE_IFELSE(
++ [AC_LANG_PROGRAM([[
++ /* Tru64 with Desktop Toolkit C has a bug: <stdio.h> must be included before
++ <wchar.h>.
++ BSD/OS 4.0.1 has a bug: <stddef.h>, <stdio.h> and <time.h> must be
++ included before <wchar.h>. */
++ #if !(defined __GLIBC__ && !defined __UCLIBC__)
++ # include <stddef.h>
++ # include <stdio.h>
++ # include <time.h>
++ #endif
++ #include <wchar.h>
++ int verify[sizeof (wint_t) < sizeof (int) ? -1 : 1];
++ ]])],
++ [gl_cv_type_wint_t_too_small=no],
++ [gl_cv_type_wint_t_too_small=yes])])
++ if test $gl_cv_type_wint_t_too_small = yes; then
++ GNULIB_OVERRIDES_WINT_T=1
++ else
++ GNULIB_OVERRIDES_WINT_T=0
++ fi
++
+ dnl The substitute stdint.h needs the substitute limit.h's _GL_INTEGER_WIDTH.
+ LIMITS_H=limits.h
+ AM_CONDITIONAL([GL_GENERATE_LIMITS_H], [test -n "$LIMITS_H"])
+@@ -363,6 +389,7 @@ int32_t i32 = INT32_C (0x7fffffff);
+ AC_SUBST([HAVE_SYS_BITYPES_H])
+ AC_SUBST([HAVE_SYS_INTTYPES_H])
+ AC_SUBST([STDINT_H])
++ AC_SUBST([GNULIB_OVERRIDES_WINT_T])
+ AM_CONDITIONAL([GL_GENERATE_STDINT_H], [test -n "$STDINT_H"])
+ ])
+
+--
+2.4.0
+
diff --git a/import-layers/yocto-poky/meta/recipes-support/gnutls/libtasn1/0002-ASN.y-corrected-compiler-warning.patch b/import-layers/yocto-poky/meta/recipes-support/gnutls/libtasn1/0002-ASN.y-corrected-compiler-warning.patch
deleted file mode 100644
index dd36422..0000000
--- a/import-layers/yocto-poky/meta/recipes-support/gnutls/libtasn1/0002-ASN.y-corrected-compiler-warning.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 3542c01618fcde83b29640ea2c60bfd2629ae0b7 Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav@redhat.com>
-Date: Tue, 26 Jul 2016 08:47:49 +0200
-Subject: [PATCH 2/4] ASN.y: corrected compiler warning
-
----
-Upstream-Status: Backport
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
- lib/ASN1.y | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/ASN1.y b/lib/ASN1.y
-index 731415d..6db638f 100644
---- a/lib/ASN1.y
-+++ b/lib/ASN1.y
-@@ -621,7 +621,7 @@ _asn1_create_errorDescription (int error, char *error_desc)
- case ASN1_NAME_TOO_LONG:
- snprintf (error_desc, ASN1_MAX_ERROR_DESCRIPTION_SIZE,
- "%s:%u: name too long (more than %u characters)", file_name,
-- line_number, ASN1_MAX_NAME_SIZE);
-+ line_number, (unsigned)ASN1_MAX_NAME_SIZE);
- break;
- case ASN1_IDENTIFIER_NOT_FOUND:
- snprintf (error_desc, ASN1_MAX_ERROR_DESCRIPTION_SIZE,
---
-1.9.1
-
diff --git a/import-layers/yocto-poky/meta/recipes-support/gnutls/libtasn1/0003-parser_aux-corrected-potential-null-pointer-derefere.patch b/import-layers/yocto-poky/meta/recipes-support/gnutls/libtasn1/0003-parser_aux-corrected-potential-null-pointer-derefere.patch
deleted file mode 100644
index 2420143..0000000
--- a/import-layers/yocto-poky/meta/recipes-support/gnutls/libtasn1/0003-parser_aux-corrected-potential-null-pointer-derefere.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From c8903aa27dc9de1d9efeed9d1f7894f1019548f7 Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav@redhat.com>
-Date: Tue, 26 Jul 2016 08:49:15 +0200
-Subject: [PATCH 3/4] parser_aux: corrected potential null pointer dereferences
-
----
-Upstream-Status: Backport
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
- lib/parser_aux.c | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/lib/parser_aux.c b/lib/parser_aux.c
-index 2285b20..12ee16f 100644
---- a/lib/parser_aux.c
-+++ b/lib/parser_aux.c
-@@ -637,7 +637,7 @@ _asn1_change_integer_value (asn1_node node)
- p = NULL;
- break;
- }
-- if (p->right)
-+ if (p && p->right)
- {
- p = p->right;
- break;
-@@ -753,7 +753,7 @@ _asn1_expand_object_id (asn1_node node)
-
- if (move == RIGHT)
- {
-- if (p->right)
-+ if (p && p->right)
- p = p->right;
- else
- move = UP;
-@@ -828,7 +828,7 @@ _asn1_expand_object_id (asn1_node node)
-
- if (move == RIGHT)
- {
-- if (p->right)
-+ if (p && p->right)
- p = p->right;
- else
- move = UP;
-@@ -898,7 +898,7 @@ _asn1_type_set_config (asn1_node node)
-
- if (move == RIGHT)
- {
-- if (p->right)
-+ if (p && p->right)
- p = p->right;
- else
- move = UP;
-@@ -1007,7 +1007,7 @@ _asn1_check_identifier (asn1_node node)
- p = NULL;
- break;
- }
-- if (p->right)
-+ if (p && p->right)
- {
- p = p->right;
- break;
-@@ -1067,7 +1067,7 @@ _asn1_set_default_tag (asn1_node node)
- p = NULL;
- break;
- }
-- if (p->right)
-+ if (p && p->right)
- {
- p = p->right;
- break;
---
-1.9.1
-
diff --git a/import-layers/yocto-poky/meta/recipes-support/gnutls/libtasn1/0004-tools-eliminated-compiler-warnings.patch b/import-layers/yocto-poky/meta/recipes-support/gnutls/libtasn1/0004-tools-eliminated-compiler-warnings.patch
deleted file mode 100644
index 7bda0e6..0000000
--- a/import-layers/yocto-poky/meta/recipes-support/gnutls/libtasn1/0004-tools-eliminated-compiler-warnings.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From d647bb2fa1bd288a6ac02c18318f3cba2a34c3a0 Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav@redhat.com>
-Date: Tue, 26 Jul 2016 08:50:24 +0200
-Subject: [PATCH 4/4] tools: eliminated compiler warnings
-
----
-Upstream-Status: Backport
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
- src/asn1Coding.c | 2 +-
- src/asn1Decoding.c | 2 +-
- src/asn1Parser.c | 2 +-
- 3 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/asn1Coding.c b/src/asn1Coding.c
-index d4df593..b516bfe 100644
---- a/src/asn1Coding.c
-+++ b/src/asn1Coding.c
-@@ -188,7 +188,7 @@ main (int argc, char *argv[])
- default:
- fprintf (stderr,
- "asn1Coding: ?? getopt returned character code Ox%x ??\n",
-- option_result);
-+ (unsigned)option_result);
- }
- }
-
-diff --git a/src/asn1Decoding.c b/src/asn1Decoding.c
-index 078963e..20f91ac 100644
---- a/src/asn1Decoding.c
-+++ b/src/asn1Decoding.c
-@@ -131,7 +131,7 @@ main (int argc, char *argv[])
- default:
- fprintf (stderr,
- "asn1Decoding: ?? getopt returned character code Ox%x ??\n",
-- option_result);
-+ (unsigned)option_result);
- }
- }
-
-diff --git a/src/asn1Parser.c b/src/asn1Parser.c
-index 7a3ae67..475bfc9 100644
---- a/src/asn1Parser.c
-+++ b/src/asn1Parser.c
-@@ -139,7 +139,7 @@ main (int argc, char *argv[])
- default:
- fprintf (stderr,
- "asn1Parser: ?? getopt returned character code Ox%x ??\n",
-- option_result);
-+ (unsigned)option_result);
- }
-
- }
---
-1.9.1
-
diff --git a/import-layers/yocto-poky/meta/recipes-support/gnutls/libtasn1/CVE-2017-10790.patch b/import-layers/yocto-poky/meta/recipes-support/gnutls/libtasn1/CVE-2017-10790.patch
new file mode 100644
index 0000000..be84380
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-support/gnutls/libtasn1/CVE-2017-10790.patch
@@ -0,0 +1,63 @@
+From d8d805e1f2e6799bb2dff4871a8598dc83088a39 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Thu, 22 Jun 2017 16:31:37 +0200
+Subject: [PATCH] _asn1_check_identifier: safer access to values read
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=d8d805e1f2e6799bb2dff4871a8598dc83088a39
+Upstream-Status: Backport
+
+CVE: CVE-2017-10790
+
+Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+---
+ lib/parser_aux.c | 17 ++++++++++++-----
+ 1 file changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/lib/parser_aux.c b/lib/parser_aux.c
+index 976ab38..786ea64 100644
+--- a/lib/parser_aux.c
++++ b/lib/parser_aux.c
+@@ -955,7 +955,7 @@ _asn1_check_identifier (asn1_node node)
+ if (p2 == NULL)
+ {
+ if (p->value)
+- _asn1_strcpy (_asn1_identifierMissing, p->value);
++ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p->value);
+ else
+ _asn1_strcpy (_asn1_identifierMissing, "(null)");
+ return ASN1_IDENTIFIER_NOT_FOUND;
+@@ -968,9 +968,15 @@ _asn1_check_identifier (asn1_node node)
+ if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT))
+ {
+ _asn1_str_cpy (name2, sizeof (name2), node->name);
+- _asn1_str_cat (name2, sizeof (name2), ".");
+- _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
+- _asn1_strcpy (_asn1_identifierMissing, p2->value);
++ if (p2->value)
++ {
++ _asn1_str_cat (name2, sizeof (name2), ".");
++ _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
++ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value);
++ }
++ else
++ _asn1_strcpy (_asn1_identifierMissing, "(null)");
++
+ p2 = asn1_find_node (node, name2);
+ if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) ||
+ !(p2->type & CONST_ASSIGN))
+@@ -990,7 +996,8 @@ _asn1_check_identifier (asn1_node node)
+ _asn1_str_cpy (name2, sizeof (name2), node->name);
+ _asn1_str_cat (name2, sizeof (name2), ".");
+ _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
+- _asn1_strcpy (_asn1_identifierMissing, p2->value);
++ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value);
++
+ p2 = asn1_find_node (node, name2);
+ if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID)
+ || !(p2->type & CONST_ASSIGN))
+--
+1.7.9.5
+
diff --git a/import-layers/yocto-poky/meta/recipes-support/gnutls/libtasn1_4.10.bb b/import-layers/yocto-poky/meta/recipes-support/gnutls/libtasn1_4.10.bb
new file mode 100644
index 0000000..dfc7f12
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-support/gnutls/libtasn1_4.10.bb
@@ -0,0 +1,24 @@
+SUMMARY = "Library for ASN.1 and DER manipulation"
+HOMEPAGE = "http://www.gnu.org/software/libtasn1/"
+
+LICENSE = "GPLv3+ & LGPLv2.1+"
+LICENSE_${PN}-bin = "GPLv3+"
+LICENSE_${PN} = "LGPLv2.1+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \
+ file://COPYING.LIB;md5=4fbd65380cdd255951079008b364516c \
+ file://README;endline=8;md5=c3803a3e8ca5ab5eb1e5912faa405351"
+
+SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \
+ file://dont-depend-on-help2man.patch \
+ file://0001-stdint.m4-reintroduce-GNULIB_OVERRIDES_WINT_T-check.patch \
+ file://CVE-2017-10790.patch \
+ "
+
+DEPENDS = "bison-native"
+
+SRC_URI[md5sum] = "f4faffdf63969d0e4e6df43b9679e8e5"
+SRC_URI[sha256sum] = "681a4d9a0d259f2125713f2e5766c5809f151b3a1392fd91390f780b4b8f5a02"
+
+inherit autotools texinfo binconfig lib_package gtk-doc
+
+BBCLASSEXTEND = "native"
diff --git a/import-layers/yocto-poky/meta/recipes-support/gnutls/libtasn1_4.9.bb b/import-layers/yocto-poky/meta/recipes-support/gnutls/libtasn1_4.9.bb
deleted file mode 100644
index b8ff9ea..0000000
--- a/import-layers/yocto-poky/meta/recipes-support/gnutls/libtasn1_4.9.bb
+++ /dev/null
@@ -1,24 +0,0 @@
-SUMMARY = "Library for ASN.1 and DER manipulation"
-HOMEPAGE = "http://www.gnu.org/software/libtasn1/"
-
-LICENSE = "GPLv3+ & LGPLv2.1+"
-LICENSE_${PN}-bin = "GPLv3+"
-LICENSE_${PN} = "LGPLv2.1+"
-LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \
- file://COPYING.LIB;md5=4fbd65380cdd255951079008b364516c \
- file://README;endline=8;md5=c3803a3e8ca5ab5eb1e5912faa405351"
-
-SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \
- file://dont-depend-on-help2man.patch \
- file://0001-configure-don-t-add-Werror-to-build-flags.patch \
- file://0002-ASN.y-corrected-compiler-warning.patch \
- file://0003-parser_aux-corrected-potential-null-pointer-derefere.patch \
- file://0004-tools-eliminated-compiler-warnings.patch \
- "
-
-SRC_URI[md5sum] = "3018d0f466a32b66dde41bb122e6cab6"
-SRC_URI[sha256sum] = "4f6f7a8fd691ac2b8307c8ca365bad711db607d4ad5966f6938a9d2ecd65c920"
-
-inherit autotools texinfo binconfig lib_package gtk-doc
-
-BBCLASSEXTEND = "native"