From d8a00bb62bf9a0b799949de723b93d8494393335 Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Mon, 18 Mar 2019 14:27:06 -0700 Subject: [PATCH] gnutls: Update to 3.6.7 Cleaned up configure arguments (alphabetized and sorted) and added some new ones to help speed up compilation. Disabled SSL support by default. SSLv2 and 3 have long been deprecated as they are both insecure variants that currently hold less than 10% of total encrypted traffic on the web. Signed-off-by: Rosen Penev --- libs/gnutls/Config.in | 4 ---- libs/gnutls/Makefile | 37 +++++++++++++++++-------------------- 2 files changed, 17 insertions(+), 24 deletions(-) diff --git a/libs/gnutls/Config.in b/libs/gnutls/Config.in index 562d67892..88dbc7a93 100644 --- a/libs/gnutls/Config.in +++ b/libs/gnutls/Config.in @@ -23,10 +23,6 @@ config GNUTLS_HEARTBEAT bool "enable DTLS heartbeat support" default y -config GNUTLS_OPENPGP - bool "enable OPENPGP authentication support" - default n - config GNUTLS_SRP bool "enable SRP authentication support" default n diff --git a/libs/gnutls/Makefile b/libs/gnutls/Makefile index f31a5a893..b494e9606 100644 --- a/libs/gnutls/Makefile +++ b/libs/gnutls/Makefile @@ -8,21 +8,21 @@ include $(TOPDIR)/rules.mk PKG_NAME:=gnutls -PKG_VERSION:=3.6.5 +PKG_VERSION:=3.6.7 PKG_RELEASE:=1 PKG_USE_MIPS16:=0 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6 -PKG_HASH:=073eced3acef49a3883e69ffd5f0f0b5f46e2760ad86eddc6c0866df4e7abb35 +PKG_HASH:=5b3409ad5aaf239808730d1ee12fdcd148c0be00262c7edf157af655a8a188e2 #PKG_FIXUP:=autoreconf gettext-version PKG_MAINTAINER:=Nikos Mavrogiannopoulos PKG_LICENSE:=LGPLv2.1+ PKG_CPE_ID:=cpe:/a:gnu:gnutls PKG_INSTALL:=1 +PKG_BUILD_PARALLEL:=1 PKG_LIBTOOL_PATHS:=. lib -PKG_CHECK_FORMAT_SECURITY:=0 PKG_CONFIG_DEPENDS:= \ CONFIG_GNUTLS_ALPN \ @@ -32,7 +32,6 @@ PKG_CONFIG_DEPENDS:= \ CONFIG_GNUTLS_EXT_LIBTASN1 \ CONFIG_GNUTLS_HEARTBEAT \ CONFIG_GNUTLS_OCSP \ - CONFIG_GNUTLS_OPENPGP \ CONFIG_GNUTLS_PKCS11 \ CONFIG_GNUTLS_PSK \ CONFIG_GNUTLS_SRP \ @@ -97,7 +96,7 @@ endef define Package/libgnutls $(call Package/gnutls/Default) TITLE+= (library) - DEPENDS+= +libnettle +!LIBNETTLE_MINI:libgmp +GNUTLS_EXT_LIBTASN1:libtasn1 +GNUTLS_PKCS11:p11-kit +GNUTLS_CRYPTODEV:kmod-cryptodev + DEPENDS+= +libnettle +!LIBNETTLE_MINI:libgmp +GNUTLS_EXT_LIBTASN1:libtasn1 +GNUTLS_PKCS11:p11-kit +GNUTLS_CRYPTODEV:kmod-cryptodev +libatomic endef define Package/libgnutls/description @@ -109,19 +108,23 @@ endef CONFIGURE_ARGS+= \ --enable-shared \ --enable-static \ + --disable-doc \ + --disable-gcc-warnings \ + --disable-guile \ --disable-rpath \ + --disable-seccomp-tests \ + --disable-tests \ + --disable-valgrind-tests \ + \ --disable-libdane \ - --with-included-unistring \ - --disable-guile \ - --disable-nls \ - --without-idn \ - --without-zlib \ + --disable-ssl2-support \ + --disable-ssl3-support \ --enable-local-libopts \ - --disable-doc \ - --disable-tests \ + --without-idn \ --with-default-trust-store-dir=/etc/ssl/certs/ \ - --disable-crywrap \ - --with-librt-prefix="$(LIBRT_ROOT_DIR)/" + --with-included-unistring \ + --with-librt-prefix="$(LIBRT_ROOT_DIR)/" \ + --with-pic ifneq ($(CONFIG_GNUTLS_EXT_LIBTASN1),y) CONFIGURE_ARGS += --with-included-libtasn1 @@ -155,10 +158,6 @@ ifneq ($(CONFIG_GNUTLS_PSK),y) CONFIGURE_ARGS += --disable-psk-authentication endif -ifneq ($(CONFIG_GNUTLS_OPENPGP),y) -CONFIGURE_ARGS += --disable-openpgp-authentication -endif - ifneq ($(CONFIG_GNUTLS_ANON),y) CONFIGURE_ARGS += --disable-anon-authentication endif @@ -175,8 +174,6 @@ ifeq ($(CONFIG_GNUTLS_CRYPTODEV),y) CONFIGURE_ARGS += --enable-cryptodev endif -TARGET_CFLAGS += $(FPIC) - define Build/InstallDev $(INSTALL_DIR) $(1)/usr/include $(1)/usr/lib/pkgconfig $(CP) \