mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-18 10:27:00 +02:00
Code Issues Packages Projects Releases Wiki Activity

net-libs/gnutls: update to 3.7.1

Browse Source 
Update gnutls to 3.7.1, mainly to address security vulnerabilities:
* CVE-2021-20231
* CVE-2021-20232
This commit is contained in:
Dongsu Park 2021-04-19 14:26:37 +02:00
parent 301cfa8be7
commit 226a7191dc
3 changed files with 148 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
sdk_container/src/third_party/portage-stable/net-libs/gnutls/Manifest vendored
View File

@ -1 +1,2 @@
DIST gnutls-3.6.15.tar.xz 6081656 BLAKE2B 6c52419037e41e817087a2577a6b73969cf065453ecf88e2f87152f544a177e4ad0ef825ae9dab243312e0223a953ab28e532bd2dbf96cb9498618415bc7f654 SHA512 f757d1532198f44bcad7b73856ce6a05bab43f6fb77fcc81c59607f146202f73023d0796d3e1e7471709cf792c8ee7d436e19407e0601bc0bda2f21512b3b01c DIST gnutls-3.6.15.tar.xz 6081656 BLAKE2B 6c52419037e41e817087a2577a6b73969cf065453ecf88e2f87152f544a177e4ad0ef825ae9dab243312e0223a953ab28e532bd2dbf96cb9498618415bc7f654 SHA512 f757d1532198f44bcad7b73856ce6a05bab43f6fb77fcc81c59607f146202f73023d0796d3e1e7471709cf792c8ee7d436e19407e0601bc0bda2f21512b3b01c
DIST gnutls-3.7.1.tar.xz 6038388 BLAKE2B 1d55eb441827c7148d63bcad37bf7bc62d539ee9bc7e14c2fe5ec1d0bdcadd75e2cbc98ba104523b24c8dfd9526b4595475a818d206971cc012fac509cd33a6f SHA512 0fe801f03676c3bd970387f94578c8be7ba6030904989e7d21dffdc726209bab44c8096fbcb6d51fed2de239537bd00df2338ee9c8d984a1c386826b91062a95

15
sdk_container/src/third_party/portage-stable/net-libs/gnutls/gnutls-3.6.15.ebuild vendored
View File

@ -1,17 +1,17 @@
# Copyright 1999-2020 Gentoo Authors # Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2 # Distributed under the terms of the GNU General Public License v2
EAPI=7 EAPI=7
inherit libtool multilib-minimal inherit libtool multilib-minimal
DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project" DESCRIPTION="A secure communications library implementing the SSL, TLS and DTLS protocols"
HOMEPAGE="http://www.gnutls.org/" HOMEPAGE="https://www.gnutls.org/"
SRC_URI="mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz" SRC_URI="mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz"
LICENSE="GPL-3 LGPL-2.1+" LICENSE="GPL-3 LGPL-2.1+"
SLOT="0/30" # libgnutls.so number SLOT="0/30" # libgnutls.so number
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
IUSE="+cxx dane doc examples guile +idn nls +openssl pkcs11 seccomp sslv2 sslv3 static-libs test test-full +tls-heartbeat tools valgrind" IUSE="+cxx dane doc examples guile +idn nls +openssl pkcs11 seccomp sslv2 sslv3 static-libs test test-full +tls-heartbeat tools valgrind"
REQUIRED_USE=" REQUIRED_USE="
@ -54,7 +54,7 @@ DOCS=(
HTML_DOCS=() HTML_DOCS=()
#PATCHES=( "${FILESDIR}"/${PN}-3.6.15-skip-dtls-seccomp-tests.patch ) PATCHES=( "${FILESDIR}"/${PN}-3.6.15-skip-dtls-seccomp-tests.patch )
pkg_setup() { pkg_setup() {
# bug#520818 # bug#520818
@ -74,6 +74,11 @@ src_prepare() {
rm src/$(basename ${file} .c).{c,h} || die rm src/$(basename ${file} .c).{c,h} || die
done done
# don't try to use system certificate store on macOS, it is
# confusingly ignoring our ca-certificates and more importantly
# fails to compile in certain configurations
sed -i -e 's/__APPLE__/__NO_APPLE__/' lib/system/certs.c || die
# Use sane .so versioning on FreeBSD. # Use sane .so versioning on FreeBSD.
elibtoolize elibtoolize
} }

137
sdk_container/src/third_party/portage-stable/net-libs/gnutls/gnutls-3.7.1.ebuild vendored Normal file
View File

@ -0,0 +1,137 @@
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
inherit libtool multilib-minimal
DESCRIPTION="A secure communications library implementing the SSL, TLS and DTLS protocols"
HOMEPAGE="https://www.gnutls.org/"
SRC_URI="mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz"
LICENSE="GPL-3 LGPL-2.1+"
SLOT="0/30" # libgnutls.so number
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
IUSE="+cxx dane doc examples guile +idn nls +openssl pkcs11 seccomp sslv2 sslv3 static-libs test test-full +tls-heartbeat tools valgrind"
REQUIRED_USE="
test-full? ( cxx dane doc examples guile idn nls openssl pkcs11 seccomp tls-heartbeat tools )"
RESTRICT="!test? ( test )"
# NOTICE: sys-devel/autogen is required at runtime as we
# use system libopts
RDEPEND=">=dev-libs/libtasn1-4.9:=[${MULTILIB_USEDEP}]
dev-libs/libunistring:=[${MULTILIB_USEDEP}]
>=dev-libs/nettle-3.6:=[gmp,${MULTILIB_USEDEP}]
>=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
tools? ( sys-devel/autogen:= )
dane? ( >=net-dns/unbound-1.4.20:=[${MULTILIB_USEDEP}] )
guile? ( >=dev-scheme/guile-2:=[networking] )
nls? ( >=virtual/libintl-0-r1:=[${MULTILIB_USEDEP}] )
pkcs11? ( >=app-crypt/p11-kit-0.23.1:=[${MULTILIB_USEDEP}] )
idn? ( >=net-dns/libidn2-0.16-r1:=[${MULTILIB_USEDEP}] )"
DEPEND="${RDEPEND}
test? (
seccomp? ( sys-libs/libseccomp )
)"
BDEPEND=">=virtual/pkgconfig-0-r1
doc? ( dev-util/gtk-doc )
nls? ( sys-devel/gettext )
tools? ( sys-devel/autogen )
valgrind? ( dev-util/valgrind )
test-full? (
app-crypt/dieharder
>=app-misc/datefudge-1.22
dev-libs/softhsm:2[-bindist]
net-dialup/ppp
net-misc/socat
)"
DOCS=(
README.md
doc/certtool.cfg
)
HTML_DOCS=()
pkg_setup() {
# bug#520818
export TZ=UTC
use doc && HTML_DOCS+=(
doc/gnutls.html
)
}
src_prepare() {
default
# force regeneration of autogen-ed files
local file
for file in $(grep -l AutoGen-ed src/*.c) ; do
rm src/$(basename ${file} .c).{c,h} || die
done
# don't try to use system certificate store on macOS, it is
# confusingly ignoring our ca-certificates and more importantly
# fails to compile in certain configurations
sed -i -e 's/__APPLE__/__NO_APPLE__/' lib/system/certs.c || die
# Use sane .so versioning on FreeBSD.
elibtoolize
}
multilib_src_configure() {
LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
local libconf=()
# TPM needs to be tested before being enabled
libconf+=( --without-tpm )
# hardware-accell is disabled on OSX because the asm files force
# GNU-stack (as doesn't support that) and when that's removed ld
# complains about duplicate symbols
[[ ${CHOST} == *-darwin* ]] && libconf+=( --disable-hardware-acceleration )
# Cygwin as does not understand these asm files at all
[[ ${CHOST} == *-cygwin* ]] && libconf+=( --disable-hardware-acceleration )
local myeconfargs=(
$(multilib_native_enable manpages)
$(multilib_native_use_enable doc gtk-doc)
$(multilib_native_use_enable doc)
$(multilib_native_use_enable guile)
$(multilib_native_use_enable seccomp seccomp-tests)
$(multilib_native_use_enable test tests)
$(multilib_native_use_enable test-full full-test-suite)
$(multilib_native_use_enable tools)
$(multilib_native_use_enable valgrind valgrind-tests)
$(use_enable cxx)
$(use_enable dane libdane)
$(use_enable nls)
$(use_enable openssl openssl-compatibility)
$(use_enable sslv2 ssl2-support)
$(use_enable sslv3 ssl3-support)
$(use_enable static-libs static)
$(use_enable tls-heartbeat heartbeat-support)
$(use_with idn)
$(use_with pkcs11 p11-kit)
--disable-rpath
--with-default-trust-store-file="${EPREFIX}/etc/ssl/certs/ca-certificates.crt"
--with-unbound-root-key-file="${EPREFIX}/etc/dnssec/root-anchors.txt"
--without-included-libtasn1
$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
)
ECONF_SOURCE="${S}" econf "${libconf[@]}" "${myeconfargs[@]}"
}
multilib_src_install_all() {
einstalldocs
find "${ED}" -type f -name '*.la' -delete || die
if use examples; then
docinto examples
dodoc doc/examples/*.c
fi
}