From patchwork Thu Apr 10 08:09:45 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: christian.braunersorensen@prevas.dk X-Patchwork-Id: 338026 X-Patchwork-Delegate: esben@haabendal.dk Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from hugin.dotsrc.org (hugin.dotsrc.org [130.225.254.102]) by ozlabs.org (Postfix) with ESMTP id 2C71E1400D9 for ; Thu, 10 Apr 2014 18:18:54 +1000 (EST) Received: from hugin.dotsrc.org (localhost [127.0.0.1]) by hugin.dotsrc.org (Postfix) with ESMTP id 30C913FFCC for ; Thu, 10 Apr 2014 10:10:09 +0200 (CEST) X-Original-To: dev@oe-lite.org Delivered-To: dev@oe-lite.org Received: from mail01.prevas.se (mail01.prevas.se [62.95.78.3]) by hugin.dotsrc.org (Postfix) with ESMTPS id D0B0C3FDB3 for ; Thu, 10 Apr 2014 10:09:54 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=prevas.dk; i=@prevas.dk; l=7018; q=dns/txt; s=ironport1; t=1397117394; x=1428653394; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=PfGXVHaNvdPztovLKP/SoMPHa8v2t8hzYFjW+Yx53Ao=; b=FxvOwiAvPXsvp4c0gfc6QxWTscCfd/xIlvTzMKg3PpwWd4G7vTvY3eBG cYH5G54F/XgnyZJpHb++7yxtzIdYdPVhMiKZjc3vFQtGzu96DLghoagCK BpwLpUxhgfvHKmDsV1exonSzNAwIkiT2zP7ZESe89f16R5XVJBG7t9QrI E=; X-IronPort-AV: E=Sophos;i="4.97,833,1389740400"; d="scan'208";a="4590601" Received: from vmprevas3.prevas.se (HELO smtp.prevas.se) ([172.16.8.103]) by ironport1.prevas.se with ESMTP/TLS/AES128-SHA; 10 Apr 2014 10:09:52 +0200 Received: from localhost (172.16.10.102) by smtp.prevas.se (172.16.8.105) with Microsoft SMTP Server id 14.2.347.0; Thu, 10 Apr 2014 10:09:51 +0200 Received: by localhost (Postfix, from userid 30007) id E163C682CCA; Thu, 10 Apr 2014 08:09:51 +0000 (UTC) 
From: To: Subject: [PATCH 25/28] gnutls: Add version 3.2.13 (post X509 auth vulnerability) Date: Thu, 10 Apr 2014 08:09:45 +0000 Message-ID: X-Mailer: git-send-email 1.8.4 In-Reply-To: References: MIME-Version: 1.0 X-BeenThere: dev@oe-lite.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: OE-lite development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: dev-bounces@oe-lite.org Errors-To: dev-bounces@oe-lite.org
From: Christian Sørensen
Signed-off-by: Christian Sørensen
---
.../correct_rpl_gettimeofday_signature.patch | 27 +++++
recipes/gnutls/gnutls-3.2.13/gnutls-openssl.patch | 115 +++++++++++++++++++++
recipes/gnutls/gnutls_3.2.13.oe | 31 ++++++
recipes/gnutls/gnutls_3.2.13.oe.sig | 1 +
4 files changed, 174 insertions(+)
create mode 100644 recipes/gnutls/gnutls-3.2.13/correct_rpl_gettimeofday_signature.patch
create mode 100644 recipes/gnutls/gnutls-3.2.13/gnutls-openssl.patch
create mode 100644 recipes/gnutls/gnutls_3.2.13.oe
create mode 100644 recipes/gnutls/gnutls_3.2.13.oe.sig
diff --git a/recipes/gnutls/gnutls-3.2.13/correct_rpl_gettimeofday_signature.patch b/recipes/gnutls/gnutls-3.2.13/correct_rpl_gettimeofday_signature.patch
new file mode 100644
index 0000000..bec78af
--- /dev/null
+++ b/recipes/gnutls/gnutls-3.2.13/correct_rpl_gettimeofday_signature.patch
@@ -0,0 +1,27 @@
+--- gnutls-3.2.13/gl/sys_time.in.h.orig 2014-04-10 07:48:33.251455592 +0200
++++ gnutls-3.2.13/gl/sys_time.in.h 2014-04-10 07:49:15.507456784 +0200
+@@ -93,20 +93,20 @@
+ # define gettimeofday rpl_gettimeofday
+ # endif
+ _GL_FUNCDECL_RPL (gettimeofday, int,
+- (struct timeval *restrict, void *restrict)
++ (struct timeval *__restrict, void *__restrict)
+ _GL_ARG_NONNULL ((1)));
+ _GL_CXXALIAS_RPL (gettimeofday, int,
+- (struct timeval *restrict, void *restrict));
++ (struct timeval *__restrict, void *__restrict));
+ # else
+ # if !@HAVE_GETTIMEOFDAY@
+ _GL_FUNCDECL_SYS (gettimeofday, int,
+- (struct timeval *restrict, void *restrict)
++ (struct timeval *__restrict, void *__restrict)
+ _GL_ARG_NONNULL ((1)));
+ # endif
+ /* Need to cast, because on glibc systems, by default, the second argument is
+ struct timezone *. */
+ _GL_CXXALIAS_SYS_CAST (gettimeofday, int,
+- (struct timeval *restrict, void *restrict));
++ (struct timeval *__restrict, void *__restrict));
+ # endif
+ _GL_CXXALIASWARN (gettimeofday);
+ #elif defined GNULIB_POSIXCHECK
diff --git a/recipes/gnutls/gnutls-3.2.13/gnutls-openssl.patch b/recipes/gnutls/gnutls-3.2.13/gnutls-openssl.patch
new file mode 100644
index 0000000..684eb91
--- /dev/null
+++ b/recipes/gnutls/gnutls-3.2.13/gnutls-openssl.patch
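Review bot: The new patch file begins directly at its `---`/`+++` lines, so nothing records why gnulib's `restrict` has to become `__restrict` in these prototypes or whether the change was sent upstream; `gnutls-openssl.patch` in this commit has the same gap. A short header above the first `---` line would cover it, for example `Replace 'restrict' with '__restrict' in the gettimeofday prototypes; <reason and upstream status, to be filled in by the author>`. Patches carried against a TLS library are much easier to re-audit at the next version bump when each one states its purpose and origin.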
@@ -0,0 +1,115 @@
+--- gnutls-3.2.13/extra/gnutls_openssl.c.orig 2014-04-10 07:40:41.555442287 +0200
++++ gnutls-3.2.13/extra/gnutls_openssl.c 2014-04-10 07:43:49.223447580 +0200
+@@ -240,11 +240,16 @@
+ ssl->rfd = (gnutls_transport_ptr_t) - 1;
+ ssl->wfd = (gnutls_transport_ptr_t) - 1;
+
++ ssl->ssl_peek_buffer = NULL;
++ ssl->ssl_peek_buffer_size = ssl->ssl_peek_avail = 0;
++
+ return ssl;
+ }
+
+ void SSL_free(SSL * ssl)
+ {
++ if (ssl->ssl_peek_buffer)
++ free(ssl->ssl_peek_buffer);
+ gnutls_certificate_free_credentials(ssl->gnutls_cred);
+ gnutls_deinit(ssl->gnutls_state);
+ free(ssl);
+@@ -266,6 +271,7 @@
+ {
+ gnutls_transport_set_ptr(ssl->gnutls_state,
+ GNUTLS_INT_TO_POINTER(fd));
++ ssl->rfd = ssl->wfd = fd;
+ return 1;
+ }
+
+@@ -291,6 +297,16 @@
+ return 1;
+ }
+
++int SSL_get_rfd(SSL *ssl)
++{
++ return ssl->rfd;
++}
++
++int SSL_get_wfd(SSL *ssl)
++{
++ return ssl->wfd;
++}
++
+ void SSL_set_bio(SSL * ssl, BIO * rbio, BIO * wbio)
+ {
+ gnutls_transport_set_ptr2(ssl->gnutls_state, rbio->fd, wbio->fd);
+@@ -303,6 +319,8 @@
+
+ int SSL_pending(SSL * ssl)
+ {
++ if (ssl->ssl_peek_avail)
++ return ssl->ssl_peek_avail;
+ return gnutls_record_check_pending(ssl->gnutls_state);
+ }
+
+@@ -437,10 +455,49 @@
+ return 1;
+ }
+
++int SSL_peek(SSL *ssl, void *buf, int len)
++{
++ if (len > ssl->ssl_peek_buffer_size) {
++ ssl->ssl_peek_buffer = realloc (ssl->ssl_peek_buffer, len);
++ ssl->ssl_peek_buffer_size = len;
++ }
++
++ if (ssl->ssl_peek_avail == 0) {
++
++ int ret;
++
++ ret = gnutls_record_recv(ssl->gnutls_state, ssl->ssl_peek_buffer, len);
++ ssl->last_error = ret;
++
++ if (ret > 0)
++ ssl->ssl_peek_avail += ret;
++ }
++
++ if (len > ssl->ssl_peek_avail)
++ len = ssl->ssl_peek_avail;
++
++ memcpy (buf, ssl->ssl_peek_buffer, len);
++
++ return len;
++}
++
+ int SSL_read(SSL * ssl, void *buf, int len)
+ {
+ int ret;
+
++ if (ssl->ssl_peek_avail) {
++ int n = (ssl->ssl_peek_avail > len) ? len : ssl->ssl_peek_avail;
++
++ memcpy (buf, ssl->ssl_peek_buffer, n);
++
++ if (ssl->ssl_peek_avail > n)
++ memmove (ssl->ssl_peek_buffer, ssl->ssl_peek_buffer + n, ssl->ssl_peek_avail - n);
++
++ ssl->ssl_peek_avail -= n;
++
++ return n;
++ }
++
+ ret = gnutls_record_recv(ssl->gnutls_state, buf, len);
+ ssl->last_error = ret;
+
+--- gnutls-3.2.13/extra/includes/gnutls/openssl.h.orig 2014-04-10 07:44:52.315449360 +0200
++++ gnutls-3.2.13/extra/includes/gnutls/openssl.h 2014-04-10 07:45:15.343450010 +0200
+@@ -154,6 +154,9 @@
+
+ gnutls_transport_ptr_t rfd;
+ gnutls_transport_ptr_t wfd;
++ char *ssl_peek_buffer;
++ size_t ssl_peek_buffer_size;
++ size_t ssl_peek_avail;
+ };
+
+ #define rbio gnutls_state
diff --git a/recipes/gnutls/gnutls_3.2.13.oe b/recipes/gnutls/gnutls_3.2.13.oe
new file mode 100644
index 0000000..2abdd59
--- /dev/null
+++ b/recipes/gnutls/gnutls_3.2.13.oe
@@ -0,0 +1,31 @@
+require gnutls.inc
+
+DEPENDS += "libnettle libhogweed"
+
+LICENSE = "GPLv3+ & LGPLv2.1+"
+LICENSE_${PN} = "LGPLv2.1+"
+LICENSE_${PN}-xx = "LGPLv2.1+"
+LICENSE_${PN}-bin = "GPLv3+"
+LICENSE_${PN}-extra = "GPLv3+"
+LICENSE_${PN}-openssl = "GPLv3+"
+
+SRC_URI = "ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/gnutls-${PV}.tar.xz"
+
+SRC_URI += "file://gnutls-openssl.patch"
+SRC_URI += "file://correct_rpl_gettimeofday_signature.patch"
+
+PARALLEL_MAKE = ""
+
+AUTO_PACKAGE_LIBS = "gnutls gnutlsxx gnutls-openssl gnutls-xssl"
+DEPENDS_${PN}-libgnutls += "libgmp libhogweed libnettle"
+RDEPENDS_${PN}-libgnutls += "libgmp libhogweed libnettle"
+DEPENDS_${PN}-libgnutls-xssl += "libc libgnutls"
+RDEPENDS_${PN}-libgnutls-xssl += "libc libgnutls"
+
+AUTO_PACKAGE_UTILS += "danetool ocsptool"
+DEPENDS_${PN}-certtool += "libgmp libhogweed libnettle"
+RDEPENDS_${PN}-certtool += "libgmp libhogweed libnettle"
+
+LIBRARY_VERSION = "28"
+LIBRARY_VERSION_${PN}-libgnutls-openssl = "27"
+LIBRARY_VERSION_${PN}-libgnutls-xssl = "0"
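Review bot: `SRC_URI` in `gnutls_3.2.13.oe` fetches the tarball over plain `ftp://`, so the only integrity control visible in this commit is the 40-hex-digit digest in `gnutls_3.2.13.oe.sig`, which by its length looks like SHA-1. For a TLS library added in response to an authentication vulnerability, consider an authenticated transport or a check of the upstream release signature if the fetcher supports one, and a stronger digest in the `.sig` file. `PARALLEL_MAKE = ""` also carries no explanation; a one-line comment such as `# parallel build disabled: <reason, to be filled in by the author>` would keep it from being dropped or copied blindly into later recipes.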
diff --git a/recipes/gnutls/gnutls_3.2.13.oe.sig b/recipes/gnutls/gnutls_3.2.13.oe.sig
new file mode 100644
index 0000000..7bc19c3
--- /dev/null
+++ b/recipes/gnutls/gnutls_3.2.13.oe.sig
@@ -0,0 +1 @@
+c4a95902bb67df46e9b2c08d4c10523db94e2736 gnutls-3.2.13.tar.xz