gnutls: upgrade 3.8.3 -> 3.8.4

- Upgrade gnutls SRCREV for new version
- Refresh patches for 3.8.4

Changelog:
==========

** libgnutls: RSA-OAEP encryption scheme is now supported
   To use it with an unrestricted RSA private key, one would need to
   initialize a gnutls_x509_spki_t object with necessary parameters
   for RSA-OAEP and attach it to the private key. It is also possible
   to import restricted private keys if they are stored in PKCS#8
   format.

** libgnutls: Fix side-channel in the deterministic ECDSA.
   Reported by George Pantelakis (#1516).
   [GNUTLS-SA-2023-12-04, CVSS: medium] [CVE-2024-28834]

** libgnutls: Fixed a bug where certtool crashed when verifying a certificate
   chain with more than 16 certificates. Reported by William Woodruff (#1525)
   and yixiangzhike (#1527).
   [GNUTLS-SA-2024-01-23, CVSS: medium] [CVE-2024-28835]

** libgnutls: Compression libraries are now loaded dynamically as needed
   instead of all being loaded during gnutls library initialization.
   As a result, the library initialization should be faster.

** build: The gnutls library can now be linked with the static library
   of GMP.  Note that in order for this to work libgmp.a needs to be
   compiled with -fPIC and libhogweed in Nettle also has to be linked
   to the static library of GMP.  This can be used to prevent custom
   memory allocators from being overriden by other applications.

** API and ABI modifications:
gnutls_x509_spki_get_rsa_oaep_params: New function.
gnutls_x509_spki_set_rsa_oaep_params: New function.
GNUTLS_PK_RSA_OAEP: New enum member of gnutls_pk_algorithm_t.

Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

diff --git a/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch b/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch
index 4bdc40d93278a43c8de3214a04e2c1ade1c075d4..d13bfee8ef093ec79877b47c207b52b648d98f83 100644 (file)
--- a/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch
+++ b/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch
@@ -1,4 +1,4 @@
-From 21a8295bac3805e4490ba2b5f136e7f4c121061b Mon Sep 17 00:00:00 2001
+From 7be8ec59a53e93c2bd453b3ba2d63d1b300ef11f Mon Sep 17 00:00:00 2001
 From: Lei Maohui <leimaohui@fujitsu.com>
 Date: Mon, 23 May 2022 10:44:43 +0900
 Subject: [PATCH] Creating .hmac file should be excuted in target environment,
@@ -6,16 +6,15 @@ Subject: [PATCH] Creating .hmac file should be excuted in target environment,
 
 Upstream-Status: Inappropriate [https://gitlab.com/gnutls/gnutls/-/issues/1373]
 Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
-
 ---
  lib/Makefile.am | 3 +--
  1 file changed, 1 insertion(+), 2 deletions(-)
 
 diff --git a/lib/Makefile.am b/lib/Makefile.am
-index 6d4e8d2..24ef108 100644
+index a50d311..193ea19 100644
 --- a/lib/Makefile.am
 +++ b/lib/Makefile.am
-@@ -206,8 +206,7 @@ hmac_file = .libs/.$(gnutls_so).hmac
+@@ -198,8 +198,7 @@ hmac_file = .libs/.$(gnutls_so).hmac
  
  all-local: $(hmac_file)
  

diff --git a/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch b/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch
index f87cf536fabce1c720929dd3933903a29859c393..1152d3797f4f179d71fa203fae294dee4deabf02 100644 (file)
--- a/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch
+++ b/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch
@@ -1,11 +1,10 @@
-From 81861f7ba690956c064ebe8dce6c313951fa2a9f Mon Sep 17 00:00:00 2001
+From ff6a345235b2585c261752e47a749228672b07dc Mon Sep 17 00:00:00 2001
 From: Ravineet Singh <ravineet.a.singh@est.tech>
 Date: Tue, 10 Jan 2023 16:11:10 +0100
 Subject: [PATCH] gnutls: add ptest support
 
 Upstream-Status: Inappropriate [embedded specific]
 Signed-off-by: Ravineet Singh <ravineet.a.singh@est.tech>
-
 ---
  Makefile.am       | 3 +++
  configure.ac      | 2 ++
@@ -27,10 +26,10 @@ index 843193f..816b09f 100644
  
  include $(top_srcdir)/cligen/cligen.mk
 diff --git a/configure.ac b/configure.ac
-index b25ba14..860ddef 100644
+index d6e03cf..e3f15fb 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -1150,6 +1150,8 @@ AC_SUBST(LIBGNUTLS_CFLAGS)
+@@ -1213,6 +1213,8 @@ AC_SUBST(LIBGNUTLS_CFLAGS)
  
  AM_CONDITIONAL(NEEDS_LIBRT, test "$gnutls_needs_librt" = "yes")
  
@@ -40,10 +39,10 @@ index b25ba14..860ddef 100644
  
  hw_features=
 diff --git a/tests/Makefile.am b/tests/Makefile.am
-index d530ad0..71c592f 100644
+index fb9e55a..c2d226a 100644
 --- a/tests/Makefile.am
 +++ b/tests/Makefile.am
-@@ -648,6 +648,12 @@ SH_LOG_COMPILER = $(SHELL)
+@@ -658,6 +658,12 @@ SH_LOG_COMPILER = $(SHELL)
  AM_VALGRINDFLAGS = --suppressions=$(srcdir)/suppressions.valgrind
  LOG_COMPILER = $(LOG_VALGRIND)
  

diff --git a/meta/recipes-support/gnutls/gnutls/arm_eabi.patch b/meta/recipes-support/gnutls/gnutls/arm_eabi.patch
index fe3f031fdccc1cfb3de90169caa416ed50dda999..883d0123db596250577e5e0379a01a04c1567d47 100644 (file)
--- a/meta/recipes-support/gnutls/gnutls/arm_eabi.patch
+++ b/meta/recipes-support/gnutls/gnutls/arm_eabi.patch
@@ -1,4 +1,4 @@
-From 5810d97281bb30edb786de9946e5c13186eff6a2 Mon Sep 17 00:00:00 2001
+From d17ae0ef31c3c186766a338e8c40c87d1b98820e Mon Sep 17 00:00:00 2001
 From: Joe Slater <jslater@windriver.com>
 Date: Wed, 25 Jan 2017 13:52:59 -0800
 Subject: [PATCH] gnutls: account for ARM_EABI
@@ -14,7 +14,7 @@ Signed-off-by: Joe Slater <jslater@windriver.com>
  1 file changed, 2 insertions(+)
 
 diff --git a/tests/seccomp.c b/tests/seccomp.c
-index 86442a5..03a5aa8 100644
+index 881f0bb..5f9204a 100644
 --- a/tests/seccomp.c
 +++ b/tests/seccomp.c
 @@ -55,7 +55,9 @@ int disable_system_calls(void)
@@ -27,6 +27,3 @@ index 86442a5..03a5aa8 100644
        ADD_SYSCALL(getpid, 0);
        ADD_SYSCALL(gettimeofday, 0);
  #if defined(HAVE_CLOCK_GETTIME)
--- 
-2.30.2
-

diff --git a/meta/recipes-support/gnutls/gnutls_3.8.3.bb b/meta/recipes-support/gnutls/gnutls_3.8.4.bb
similarity index 97%
rename from meta/recipes-support/gnutls/gnutls_3.8.3.bb
rename to meta/recipes-support/gnutls/gnutls_3.8.4.bb
index 27d6753be0a9269f00df13521f5e5ca5b480d238..20139b4dd4fdca4a2a47f180adfcd5d9f8e05d85 100644 (file)
--- a/meta/recipes-support/gnutls/gnutls_3.8.3.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.8.4.bb
@@ -25,7 +25,7 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar
            file://Add-ptest-support.patch \
            "
 
-SRC_URI[sha256sum] = "f74fc5954b27d4ec6dfbb11dea987888b5b124289a3703afcada0ee520f4173e"
+SRC_URI[sha256sum] = "2bea4e154794f3f00180fa2a5c51fe8b005ac7a31cd58bd44cdfa7f36ebc3a9b"
 
 inherit autotools texinfo pkgconfig gettext lib_package gtk-doc ptest