diff options
-rw-r--r-- | patches/gnutls-3.6.16/0001-don-t-try-ru-build-run-code-generator.patch | 31 | ||||
l--------- | patches/gnutls-3.6.16/autogen.sh | 1 | ||||
-rw-r--r-- | patches/gnutls-3.6.16/series | 4 | ||||
-rw-r--r-- | rules/gnutls.in | 11 | ||||
-rw-r--r-- | rules/gnutls.make | 19 |
5 files changed, 23 insertions, 43 deletions
diff --git a/patches/gnutls-3.6.16/0001-don-t-try-ru-build-run-code-generator.patch b/patches/gnutls-3.6.16/0001-don-t-try-ru-build-run-code-generator.patch deleted file mode 100644 index c879ec7f8..000000000 --- a/patches/gnutls-3.6.16/0001-don-t-try-ru-build-run-code-generator.patch +++ /dev/null @@ -1,31 +0,0 @@ -From: Michael Olbrich <m.olbrich@pengutronix.de> -Date: Fri, 3 Apr 2020 13:07:30 +0200 -Subject: [PATCH] don't try ru build / run code generator - -Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> ---- - lib/nettle/Makefile.am | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/lib/nettle/Makefile.am b/lib/nettle/Makefile.am -index aae87e09023a..de6f9ed44399 100644 ---- a/lib/nettle/Makefile.am -+++ b/lib/nettle/Makefile.am -@@ -99,6 +99,8 @@ ecc_generated_headers = \ - BUILT_SOURCES = $(ecc_generated_headers) - EXTRA_DIST = $(ecc_generated_headers) ecc/eccdata.stamp - -+if !CROSS_COMPILING -+ - noinst_PROGRAMS = ecc/eccdata$(EXEEXT) - - ecc_eccdata_SOURCES = ecc/eccdata.c -@@ -126,6 +128,8 @@ ecc/ecc-gost-gc512a-32.h: ecc/eccdata.stamp - ecc/ecc-gost-gc512a-64.h: ecc/eccdata.stamp - $(AM_V_GEN)ecc/eccdata$(EXEEXT) gost_gc512a 43 6 64 > $@T && mv $@T $@ - -+endif -+ - libcrypto_la_SOURCES += \ - gost/ecc-gost-hash.c nettle-alloca.h ecc-gost-curve.h - diff --git a/patches/gnutls-3.6.16/autogen.sh b/patches/gnutls-3.6.16/autogen.sh deleted file mode 120000 index 9f8a4cb7d..000000000 --- a/patches/gnutls-3.6.16/autogen.sh +++ /dev/null @@ -1 +0,0 @@ -../autogen.sh
\ No newline at end of file diff --git a/patches/gnutls-3.6.16/series b/patches/gnutls-3.6.16/series deleted file mode 100644 index 1a79ecf82..000000000 --- a/patches/gnutls-3.6.16/series +++ /dev/null @@ -1,4 +0,0 @@ -# generated by git-ptx-patches -#tag:base --start-number 1 -0001-don-t-try-ru-build-run-code-generator.patch -# b14a2a9426010360472bbafa176de894 - git-ptx-patches magic diff --git a/rules/gnutls.in b/rules/gnutls.in index 8b9443652..11fd963da 100644 --- a/rules/gnutls.in +++ b/rules/gnutls.in @@ -4,6 +4,7 @@ menuconfig GNUTLS tristate select LIBTASN1 select NETTLE + select LIBKCAPI if GNUTLS_AFALG select GCCLIBS_CXX if GNUTLS_CXX select CRYPTODEV_API if GNUTLS_CRYPTODEV && BUILDTIME prompt "gnutls " @@ -28,6 +29,16 @@ config GNUTLS_CRYPTODEV help Enable the BSD cryptodev engine even if we are not using BSD. +config GNUTLS_AFALG + bool + prompt "enable AFALG support" + +config GNUTLS_KTLS + bool + prompt "enable KTLS support" + help + Kernel TLS offload. Sufficiently moderen kernel headers are needed. + config GNUTLS_OPENSSL bool prompt "openssl compatibility" diff --git a/rules/gnutls.make b/rules/gnutls.make index 43aa90b8d..bc5d69cf0 100644 --- a/rules/gnutls.make +++ b/rules/gnutls.make @@ -14,11 +14,11 @@ PACKAGES-$(PTXCONF_GNUTLS) += gnutls # # Paths and names # -GNUTLS_VERSION := 3.6.16 -GNUTLS_MD5 := 5db1678931fa6bbd40beed235c6a0a37 +GNUTLS_VERSION := 3.7.3 +GNUTLS_MD5 := 3723d8fee66c5d45d780ca64c089ed23 GNUTLS := gnutls-$(GNUTLS_VERSION) GNUTLS_SUFFIX := tar.xz -GNUTLS_URL := https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/$(GNUTLS).$(GNUTLS_SUFFIX) +GNUTLS_URL := https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/$(GNUTLS).$(GNUTLS_SUFFIX) GNUTLS_SOURCE := $(SRCDIR)/$(GNUTLS).$(GNUTLS_SUFFIX) GNUTLS_DIR := $(BUILDDIR)/$(GNUTLS) GNUTLS_LICENSE := LGPL-3.0-or-later @@ -27,6 +27,11 @@ GNUTLS_LICENSE := LGPL-3.0-or-later # Prepare # ---------------------------------------------------------------------------- +ifdef PTXCONF_KERNEL_HEADER +GNUTLS_CPPFLAGS := \ + -isystem $(KERNEL_HEADERS_INCLUDE_DIR) +endif + # # autoconf # @@ -41,6 +46,7 @@ GNUTLS_CONF_OPT := \ --disable-manpages \ --disable-tools \ --enable-cxx \ + --disable-dyn-ncrypt \ --enable-hardware-acceleration \ --enable-tls13-interop \ --enable-padlock \ @@ -58,6 +64,8 @@ GNUTLS_CONF_OPT := \ --enable-ecdhe \ --enable-gost \ --$(call ptx/endis, PTXCONF_GNUTLS_CRYPTODEV)-cryptodev \ + --$(call ptx/endis, PTXCONF_GNUTLS_AFALG)-afalg \ + --$(call ptx/endis, PTXCONF_GNUTLS_KTLS)-ktls \ --enable-ocsp \ --$(call ptx/endis, PTXCONF_GNUTLS_OPENSSL)-openssl-compatibility \ --disable-tests \ @@ -78,9 +86,6 @@ GNUTLS_CONF_OPT := \ --disable-fips140-mode \ --enable-non-suiteb-curves \ --disable-libdane \ - --enable-local-libopts \ - --disable-libopts-install \ - --enable-optional-args \ --disable-guile \ --with-nettle-mini \ --without-included-libtasn1 \ @@ -88,9 +93,9 @@ GNUTLS_CONF_OPT := \ --without-fips140-key \ --without-idn \ --without-p11-kit \ + --without-tpm2 \ --without-tpm \ --without-trousers-lib \ - --without-libregex \ --with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt # ---------------------------------------------------------------------------- |