contrib: require version 3.4.14 of gnutls

gnutls 3.4.14 has just been released. This release contains our DTLS patch, so this patch set this version as minimum and removes the DTLS patch. As gnutls is updated, this patch removes also the build force on nettle, removes deprecated format-security patch and disable non-suitb curves to let gnutls link with some system provided nettle (like on Fedora). Change-Id: I073b7409138310c1d749e5ef5a9ddd3937dc1d4a Tuleap: #783

contrib: require version 3.4.14 of gnutls
48e70d7c · Guillaume Roguez · d42c72a6 · 48e70d7c · d42c72a6 · d42c72a6
Commit 48e70d7c authored 8 years ago by Guillaume Roguez
--- a/contrib/src/gnutls/SHA512SUMS
+++ b/contrib/src/gnutls/SHA512SUMS
-e5cd60240ebbcac9d8f7c28fdbf023a499e3c58a352a43c24d075b248a0a903161b1745641bf263519293c0014424cc23dbb67274c8934aaf273a523ad0a2925  gnutls-3.4.10.tar.xz
+d75f6b4dea2dc742cd7f60ee0ee540d41b69991aaa937ca0138cfdf4a1e0dfaaa3863464303bfa5799e14ee02de252f71c59a7a9e57b96ff8af653e419edfd4e  gnutls-3.4.14.tar.xz
--- a/contrib/src/gnutls/dtls-packet-reordering.patch
+++ b/contrib/src/gnutls/dtls-packet-reordering.patch
--- a/lib/gnutls_buffers.c
-+++ b/lib/gnutls_buffers.c
-@@ -1033 +1033 @@
-		    && hsk->end_offset >=
-+		    && hsk->end_offset + 1 >=
--- a/contrib/src/gnutls/format-security.patch
+++ b/contrib/src/gnutls/format-security.patch
-diff -rU0 gnutls-old/lib/x509/ocsp_output.c gnutls/lib/x509/ocsp_output.c
--- gnutls-old/lib/x509/ocsp_output.c
-+++ gnutls/lib/x509/ocsp_output.c
-@@ -289 +289 @@
-					addf(str, _("\tResponder Key ID: "));
-+					adds(str, _("\tResponder Key ID: "));
--- a/contrib/src/gnutls/rules.mak
+++ b/contrib/src/gnutls/rules.mak
 # GnuTLS

-GNUTLS_VERSION := 3.4.10
+GNUTLS_VERSION := 3.4.14
 GNUTLS_URL := ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4/gnutls-$(GNUTLS_VERSION).tar.xz

 PKGS += gnutls
-# We need at least the 3.4.10, but DTLS handshake re-ordered packet fix is only available since 3.4.14
-# So we patch the 3.4.10 until official release of 3.4.14
+
 ifeq ($(call need_pkg,"gnutls >= 3.4.14"),)
 PKGS_FOUND += gnutls
 endif
@@ -33,8 +32,6 @@ endif
 ifndef HAVE_IOS
 	$(APPLY) $(SRC)/gnutls/mac-keychain-lookup.patch
 endif
-	$(APPLY) $(SRC)/gnutls/format-security.patch
-	$(APPLY) $(SRC)/gnutls/dtls-packet-reordering.patch
 	$(call pkg_static,"lib/gnutls.pc.in")
 	$(UPDATE_AUTOCONFIG)
 	$(MOVE)
@@ -52,6 +49,7 @@ GNUTLS_CONF := \
 	--disable-nls \
 	--disable-dtls-srtp-support \
 	--without-libintl-prefix \
+	--disable-non-suiteb-curves \
 	$(HOSTCONF)

 ifdef HAVE_ANDROID

--- a/contrib/src/nettle/rules.mak
+++ b/contrib/src/nettle/rules.mak
@@ -5,12 +5,9 @@ NETTLE_URL := $(GNU)/nettle/nettle-$(NETTLE_VERSION).tar.gz

 PKGS += nettle

-# TEMPORARY DISABLED
-# Force nettle contrib until gnutls major patches are upstream and released
-# See gnutls rules.mak for more information
-#ifeq ($(call need_pkg,"nettle >= 3.1"),)
-#PKGS_FOUND += nettle
-#endif
+ifeq ($(call need_pkg,"nettle >= 3.1"),)
+PKGS_FOUND += nettle
+endif

 $(TARBALLS)/nettle-$(NETTLE_VERSION).tar.gz:
 	$(call download,$(NETTLE_URL))